This article provides step-by-step instructions for how to enable and configure Single Sign On (SSO), located on the Account Settings page, as well as information on user management when SSO is in use.
Enabling SSO authentication for your account allows you to leverage your existing Identity Provider to manage your GoCanvas users.
Please Note
Accounts cannot use both SSO and LDAP simultaneously.
Single Sign On
SSO is especially valuable if you are managing a large number of users and need more control over who has access to their GoCanvas account.
Navigate to the Account Settings page following the instructions based on your Account View.
Expand the Account drop down in the left navigation and select Account Settings.
- At the top of the left navigation, expand the menu under the username indicating the current Department and switch to the All Department.
- Expand the Account drop down in the left navigation and select Account Settings.
Click your username at the bottom of the left navigation to expand the menu and select Account.
- At the top of the left navigation, expand the menu under the GoCanvas logo indicating the current Department and switch to the All Department.
- Expand the Account drop down in the left navigation and select Account Settings.
- Scroll to Advanced Settings and click the Settings button associated with Single Sign On. If Single Sign On is not included in your plan, you will receive a pop-up requiring you to upgrade your plan.
Configuring SSO
Below the screenshot of the Single Sign On Settings page are explanations for each field.
This is the Issuer URI of the Identity Provider. This value is usually the SAML Metadata EntityID of the IDP EntityDescriptor.
Specifies whether to sign the SAML AuthnRequest messages that GoCanvas sends to the Identity Provider. When enabled, the SAML authentication request will be signed. Download the certificate (open the View setup instruction for IDP provider section) and give it to the Identity Provider that will receive the signed request so it can validate the signature.
How it Works
GoCanvas uses an SP-initiated SSO method to authenticate your users against your Identity Provider. When a user attempts to authenticate, GoCanvas looks up the Identity Provider settings you configured and determines the user's SSO settings. The request is then redirected to the Identity Provider to handle authentication. If the user is not already logged on to the Identity Provider site, or if re-authentication is required, the Identity Provider asks for credentials, i.e., username and password.
The Identity Provider's SSO service returns an HTML form to the browser with a SAML response containing the authentication assertion and any additional attributes. The browser automatically posts the HTML form back to GoCanvas. If the authentication assertion for the user succeeds, GoCanvas considers the user to be authenticated and allows them access. If the authentication assertion fails, the user is denied access.
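When checking a new SSO setup, it helps to confirm two things from the flow above: the EntityID in the Identity Provider's metadata (the value expected in the Issuer URI field) and whether the redirected AuthnRequest is actually signed. The following is an added example, not GoCanvas code; it assumes the request uses the SAML HTTP-Redirect binding, and the hostnames, sample XML and function names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample data; idp.example.com and sp.example.com are placeholders.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    entityID="https://idp.example.com/saml/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="{NS['samlp']}"/>
</md:EntityDescriptor>"""
SAMPLE_REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{NS['samlp']}"
    xmlns:saml="{NS['saml']}" ID="_constructed1" Version="2.0"
    Destination="https://idp.example.com/sso">
  <saml:Issuer>https://sp.example.com/saml</saml:Issuer>
</samlp:AuthnRequest>"""

def idp_entity_id(metadata_xml):
    """Return the entityID of the EntityDescriptor that holds an IDPSSODescriptor."""
    # ElementTree is fine for files you exported yourself; use defusedxml otherwise.
    for ent in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        if ent.find("md:IDPSSODescriptor", NS) is not None:
            return ent.get("entityID")
    return None

def inspect_redirect(url):
    """Decode a SAMLRequest carried by the HTTP-Redirect binding (DEFLATE + base64)."""
    query = parse_qs(urlsplit(url).query)
    xml = zlib.decompress(base64.b64decode(query["SAMLRequest"][0]), -15)
    req = ET.fromstring(xml)
    return {"issuer": req.findtext("saml:Issuer", namespaces=NS),
            "destination": req.get("Destination"),
            # In this binding the signature travels as query parameters, not in the XML.
            "signed": "Signature" in query and "SigAlg" in query}

def sample_url(signed):
    """Build a constructed SP-initiated redirect URL, signed or unsigned."""
    c = zlib.compressobj(wbits=-15)
    deflated = c.compress(SAMPLE_REQUEST.encode()) + c.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode()}
    if signed:  # placeholder value, not a real signature
        params.update(SigAlg="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                      Signature="Y29uc3RydWN0ZWQ=")
    return "https://idp.example.com/sso?" + urlencode(params)

if __name__ == "__main__":
    print(idp_entity_id(SAMPLE_METADATA), inspect_redirect(sample_url(True)))
```

The script only reports whether signature parameters are present; validating the signature itself is done by the Identity Provider with the certificate downloaded from the settings page.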
User Management
Adding Users
You can add your SSO users to GoCanvas by following the instructions in the article, "How to Add Users and Seats."
If you have SSO configured within your account, the form will check the Use SSO Authentication checkbox by default. If you wish to set up any particular user without SSO for authentication, unchecking this box will present you with options for setting the user's password directly within GoCanvas.
Disabling Users
Disabling a user within your authentication server will not disable their GoCanvas account, but it will prevent them from logging in. Note that already authenticated users will remain authenticated on the web, but will be unable to log in or sync via the GoCanvas mobile application. If it's important that their access to GoCanvas be revoked immediately, disable the user on the website following the instructions in the article, "How to Disable a User."
Editing a User's Settings
At any time, you can turn off SSO authentication for a user's GoCanvas account with the button Edit SSO Settings in a user's Profile, accessible from the Users or Team page.
Navigate to the Users or Team page, following the instructions based on your Account View.
Expand the Account dropdown in the left navigation and select Users.
- At the top of the left navigation, expand the menu under the username indicating the current Department and switch to the All Department.
- Expand the Account dropdown in the left navigation and select Users to see all users across Departments.
Please note that the Department menu above Profile in the left navigation also has navigation to a Users page that is dedicated to the users of the current Department.
Click Team in the left navigation.
- At the top of the left navigation, expand the menu under the GoCanvas logo indicating the current Department and switch to the All Department.
- Expand the Account dropdown in the left navigation and select Users to see all users across Departments.
Please note that when Departments are enabled, the Team page is dedicated to the users of the current Department.
Forgotten Passwords
When a user is configured to authenticate to an Identity Provider, GoCanvas is unable to use the typical forgotten password process. Instead, when a user visits the Forgot Password form and enters their email address, GoCanvas detects that they are an SSO user and prompts them to seek help from their company IT department or help desk.