Introduction
Enable single sign-on (SSO) from AWS SSO to your Canary Console with these steps.
Step 1:
Log in to your Console.
Step 2:
Click on the Gear Icon and then Global Settings.
Step 3:
Click on SAML and your Console SAML settings will be displayed.
Step 4:
Log in to AWS and navigate to AWS SSO > Applications and then select Add a new application.
Step 5:
Select Add a custom SAML 2.0 application.
Step 6:
1. Add a Display name (for example, we used Canary Console)
2. Add a Description (for example, we used SAML Federation into Canary Console)
Step 7:
Select "If you don't have a metadata file, you can manually type your metadata values."
Step 8:
1. Under the Application ACS URL* field, paste the ACS (Login URL) from Step 3
2. Under the Application SAML audience* field, paste the Service Provider ID from Step 3
3. Select Save changes
Step 9:
Select Download to download your metadata file, then send it to us in a support ticket at support@canary.tools so we can complete the configuration on our side.
Note: please include your AWS SSO Portal URL in the mail, e.g. https://[yourdirectory].awsapps.com/start
Step 10:
Select the Attribute mappings tab.
Step 11:
Map the Subject attribute to "${user:email}" and set the Format to "emailAddress".
Additionally, add a new attribute mapping "client" with the value "canary-console" and set the Format to "unspecified".
Step 12:
Select which users and/or groups are allowed to authenticate.
Step 13:
Once we've confirmed that the setup is complete on our side, click on "Canary Console" in your AWS SSO portal.
You're done! ;-)