Description: Your Canary Console supports SAML for centralised authentication management.
In this guide, we'll get Google Workspace setup as a SSO provider.
Step 1: Grabbing your SAML parameters
Login to your Canary Console.
Click on the Gear Icon and then Global Settings.
Scroll down to SAML section at the bottom of the page. You will find your SAML parameters which we'll need for the setup on Google Workspace. (If you know your Console hash, you can head there directly with https://YOURHASH.canary.tools/nest/settings/saml
)
Step 2: Configure a custom app in Workspace.
Note: At the time of writing, Google's documentation on setting up a custom SAML app is found here it's always worth running checking the documentation for updates in the process if things don't look right.
Head over to your Google Admin - Web and mobile apps page here.
- Select the Apps drop down menu from the left pane.
- Select the Web and mobile apps sub menu.
- Select the Add app drop down menu.
- Select Add custom SAML app.
- Enter a recognisable name for the SAML app.
- Add an App Icon. (Available for downloaded here.)
- Select CONTINUE when ready.
Download your IdP Metadata, and save it for safekeeping, you'll need it for later.
Configure the SAML app with your parameters:
Enter your ACS (Login URL) from your Canary Console in Step 1.
Enter your Entity ID from the Service Provider ID parameter from your Canary Console in Step 1.
Note: Remember to include the trailing slash "/".
Additionally, set the Name ID format to EMAIL and leave the Name ID as Basic Information > Primary email. Progress through the wizard by clicking the continue button.
The attribute mapping page can be kept to the defaults / blank, and skipped.
Your app is now successfully created, lets assign it to some users so they can login.
Step 3: Assign Users/Groups
Select the drop down arrow on the top right of your SAML app.
Depending on your requirement, add a certain group/s to the application. Enable the service for them and click on the save button when done.
Your Google Workspace configuration is done!
Step 4: Send your Metadata and Service Provider ID (SP ID) to support.
We'll now need your SAML metadata XML file, as well as your Service provider ID as shown below:
https://admin.google.com/ac/apps/saml/847361429007
Send us a mail to support@canary.tools with your metadata and SPID and we'll configure then confirm when your Console is ready to use SSO.
You're done! ;-)