Enable Single Sign-On from AWS SSO to your Canary Console with these steps.
Step 1: Log in to your Console
Step 2: Open Global Settings
Click on the gear icon, then Global Settings.
Step 3: Check SAML Settings
Click on SAML and your Console SAML settings will be displayed.
Step 4: Add New Application
Log in to AWS and navigate to AWS SSO > Applications and then select Add a new application.
Select Add a custom SAML 2.0 application.
Step 5: Configure Application
1. Add a Display name (for example, we used Canary Console).
2. Add a Description (for example, we used SAML Federation in Canary Console).
Step 6: Set Metadata
Select If you don't have a metadata file, you can manually type your metadata values.
In the Application ACS URL* field, paste the ACS (Login URL) from Step 3. (1)
In the Application SAML audience* field, paste the Service Provider ID from Step 3. (2)
Select Save changes. (3)
Step 7: Download Metadata
Select Download to download your metadata file, and send it back to us in a support ticket here so that we can complete the configuration on our side.
Please include your AWS SSO Portal URL in the mail (for example, https://[yourdirectory].awsapps.com/start).
Step 8: Map Attribute
Select the Attribute mappings tab.
Map the Subject attribute to "${user:email}" and set the Format to "emailAddress". Additionally, add a new attribute mapping client with the value canary-console and set the Format to unspecified.
Step 9: Assign permissions
Select which users and/or groups are allowed to authenticate.
Once we've confirmed that we've completed the setup on our side, click on Canary Console in your AWS SSO portal.
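To confirm that the values from Steps 6 and 8 took effect, you can inspect a SAML assertion captured from a test sign-in. The following is an added example, not Canary or AWS code: the URLs and the sample assertion are constructed placeholders, and the script only checks field values (it does not verify the assertion's signature).

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"

def check_assertion(xml_text, acs_url, sp_id):
    """Return a list of problems; an empty list means the mappings look right."""
    root = ET.fromstring(xml_text)
    problems = []
    # Step 8: Subject mapped to ${user:email} with Format emailAddress.
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.get("Format") or "").endswith(":emailAddress"):
        problems.append("Subject NameID Format is not emailAddress")
    elif "@" not in (name_id.text or ""):
        problems.append("Subject NameID is not an email address")
    # Step 6: SAML audience must be the Console's Service Provider ID.
    audiences = [a.text for a in root.findall(".//saml:AudienceRestriction/saml:Audience", NS)]
    if sp_id not in audiences:
        problems.append("Audience does not match the Service Provider ID")
    # Step 6: the assertion must be addressed to the Console's ACS (Login URL).
    recipients = [d.get("Recipient") for d in root.findall(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append("Recipient does not match the ACS (Login URL)")
    # Step 8: extra attribute "client" = "canary-console", Format unspecified.
    client = root.find(".//saml:Attribute[@Name='client']", NS)
    values = [] if client is None else [v.text for v in client.findall("saml:AttributeValue", NS)]
    if values != ["canary-console"]:
        problems.append("client attribute is missing or not canary-console")
    elif not (client.get("NameFormat") or "").endswith(":unspecified"):
        problems.append("client attribute Format is not unspecified")
    return problems

# Constructed placeholders: use the values shown under SAML in your Console (Step 3).
ACS = "https://example.invalid/saml/acs"
SP_ID = "https://example.invalid/saml/sp"
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject>
  <saml:NameID Format="{EMAIL_FORMAT}">alice@example.com</saml:NameID>
  <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS}"/></saml:SubjectConfirmation>
 </saml:Subject>
 <saml:Conditions><saml:AudienceRestriction><saml:Audience>{SP_ID}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="client" NameFormat="{UNSPECIFIED}"><saml:AttributeValue>canary-console</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(check_assertion(SAMPLE, ACS, SP_ID) or "mappings look correct")
```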