Enable Single SignOn from Google G Suite to your Canary Console with these steps. We do support both IdP-initiated authentication and SP-initiated authentication.
Step 1: Create a support request to enable SAML
Drop us a note at email@example.com to enable SAML and we’ll get your Console ready.
We'll enable SAML support on your Console which will generate the parameters you need.
Step 2: Log in to your Canary Console and copy the SAML parameters
Login to your Console, click "Setup" on the top navbar, then "SAML" on the left menu:
Step 3: Login to your Google admin console and create a SAML application
Login into your Google admin console by going here. You will be taken to your Google admin dashboard. Click on "Apps".
Click on "SAML apps".
Next, click on the little plus sign (+) at the bottom right of the screen. This is to create a new SAML application. Click "Setup my own custom app".
Step 4: Configuring your SAML application
The next screen contains two steps:
1. Click the "Download" to download the IDP metadata XML file that you will need to send to us (we will mention this later; just keep it safe for now).
2. Click "Next" to continue with configuring your SAML application
The next screen contains three steps (although one is optional):
1. Enter an "Application Name". This is a required field. Enter "Canary Console SAML Application".
2. Download this image to use for your Canary Console SAML Application. This is not a required step, but it does make it easier to see what Google App is your Canary Console SAML app.
3. Click "Next" to continue.
The next screen is very important and has 5 steps:
1. In step 2, you were shown the "ACS (Login Url)" in your Canary Console setup page. Copy that link into here.
2. In step 2, you were shown the "SP Entity ID" in your Canary Console setup page. Copy that link into here.
3. Ensure that the "Name ID" is chosen to be "Primary Email". This is required by your Canary Console to use your email to sign you in.
4. Ensure that "Name ID Format" is "EMAIL".
Please note: you must leave the "Signed Response" checkbox unchecked, please.
5. Click "Next" once you are sure the above steps have been completed properly.
You have now created your Canary Console SAML application. Congratulations!
Step 5: Enabling your new SAML application for everyone.
Once your SAML application is finished. You can head over to the "SAML apps" via your Google Admin dashboard. Click "Apps".
Click "SAML apps".
You will notice that you have a "Canary Console" (or the name you choose earlier) application. Click on the application.
Click "Edit Service".
The next screen has two steps:
1. Choose "ON for everyone" to enable the Canary Console SAML application for users in your organisation. You can also choose different organisational units or groups to enable the application. More information can be found over here.
2. Click "Save".
Step 6: Send us the SAML Metadata
Send us the SAML metadata file you downloaded from step 4. You can send it to us via the same open support ticket. We'll configure your Console with the IdP metadata and confirm when SAML support is fully set up.
Step 7: Test login from the Console
You'll know it's working when you see your Console Login page show a "Login with SSO" button. Click "Login with SSO" to initiate a login.
Step 8 (Optional): Login from Google Dashboard
If you would like to login to your Canary Console from your Google dashboard by clicking on the "Apps" dots on the top right of the Google Admin console:
In order for you to log in from the Google Dashboard, you must let the support team at Canary know; it is known as IdP-initiated login, which must be enabled for your Canary Console.