Introduction
Enable Single Sign-On from Google G Suite to your Canary Console with these steps. We support both IdP-initiated authentication and SP-initiated authentication.
Step 1: Log in to your Canary Console and copy the SAML parameters
Log in to your Console, click "Setup" on the top navbar, then "SAML" on the left menu.
Step 2: Log in to your Google admin console and create a SAML application
Log in to your Google admin console by going here. You will be taken to your Google admin dashboard. Click on "Apps".
Click on "SAML apps".
Next, click on the little plus sign (+) at the bottom right of the screen. This is to create a new SAML application. Click "Setup my own custom app".
Step 3: Configuring your SAML application
The next screen contains two steps:
1. Click "Download" to download the IdP metadata XML file that you will need to send to us (we will mention this later; just keep it safe for now).
2. Click "Next" to continue with configuring your SAML application.
The next screen contains three steps (although one is optional):
1. Enter an "Application Name". This is a required field. Enter "Canary Console SAML Application".
2. Download this image to use for your Canary Console SAML Application. This is not a required step, but it does make it easier to see which Google app is your Canary Console SAML app.
3. Click "Next" to continue.
The next screen is very important and has 5 steps:
1. In Step 1, you were shown the "ACS (Login Url)" in your Canary Console setup page. Copy that link here.
2. In Step 1, you were shown the "SP Entity ID" in your Canary Console setup page. Copy that link here.
3. Ensure that the "Name ID" is chosen to be "Primary Email". This is required by your Canary Console to use your email to sign you in.
4. Ensure that "Name ID Format" is "EMAIL".
Please note: you must leave the "Signed Response" checkbox unchecked.
5. Click "Next" once you are sure the above steps have been completed properly.
You have now created your Canary Console SAML application. Congratulations!
Step 4: Enabling your new SAML application for everyone
Once your SAML application is finished, you can head over to "SAML apps" via your Google Admin dashboard. Click "Apps".
Click "SAML apps".
You will notice that you have a "Canary Console" (or the name you chose earlier) application. Click on the application.
Click "Edit Service".
The next screen has two steps:
1. Choose "ON for everyone" to enable the Canary Console SAML application for users in your organisation. You can also choose different organisational units or groups to enable the application. More information can be found over here.
2. Click "Save".
Step 5: Send us the SAML Metadata
Send us the SAML metadata file you downloaded in Step 3. You can send it to us in a support ticket at support@canary.tools and we'll configure your Console with the IdP metadata and confirm when SAML support is fully set up.
Step 6: Test login from the Console
You'll know it's working when you see your Console Login page show a "Login with SSO" button. Click "Login with SSO" to initiate a login.
Step 7 (Optional): Login from Google Dashboard
You can also log in to your Canary Console from your Google dashboard by clicking on the "Apps" dots on the top right of the Google Admin console.
This is known as IdP-initiated login, and it must be enabled for your Canary Console. To log in from the Google Dashboard, you must let the support team at Canary know.