Configuring SSO via Microsoft AD

  1. In AD, click on Add enterprise application

  2. Click Create your own application

  3. Give it a name

  4. In Canals, go to Settings -> Users. At the bottom of the page is a SAML SSO setup section; download the Canals metadata file from there.

  5. Upload the file to AD.

    Note: Ensure the unique user identifier is set to user.mail. Sometimes it defaults to something else.

  6. Download the Federation Metadata XML from AD.

  7. Back on the Canals settings page, upload your XML.

  8. Optionally, create canals_oe_users, canals_ap_users, and canals_admins groups and, in the Group membership section, add a line mapping those to an attribute called “groups”.

    If a user is part of those groups, they’ll automatically be granted the appropriate permissions in Canals. Otherwise, you’ll need to set those permissions inside Canals on the Users page.

  9. You might need to whitelist which groups are allowed access to Canals. If you created the Canals groups in the previous steps, you can assign those. Otherwise, assign whichever groups/users should have access to Canals.

  10. The Canals team will provide you with a unique link that your team can use to sign up or log into Canals without having to be manually invited from the Users page.
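To confirm the claim mapping before rolling the link out, you can inspect one decoded SAML assertion from a test login. The script below is an added example, not part of Canals or Microsoft tooling: it checks that the NameID is an email address (user.mail) and that an attribute named "groups" carries at least one of the Canals group names. It assumes AD sends group names rather than object IDs, and the sample assertion is constructed.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Group names from the steps above; assumes AD sends names, not object IDs.
CANALS_GROUPS = {"canals_oe_users", "canals_ap_users", "canals_admins"}

# Constructed sample assertion (not captured from a real tenant).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>canals_admins</saml:AttributeValue>
      <saml:AttributeValue>finance_team</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text):
    """Configuration check only (no signature verification). Returns (name_id, canals_groups, problems)."""
    root = ET.fromstring(xml_text)
    problems = []
    node = root.find(".//saml:Subject/saml:NameID", NS)
    name_id = (node.text or "").strip() if node is not None else ""
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", name_id):
        problems.append(f"NameID {name_id!r} is not an email; set the unique user identifier to user.mail")
    values = set()
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == "groups":
            values |= {(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)}
    matched = sorted(values & CANALS_GROUPS)
    if not values:
        problems.append('no attribute named "groups"; permissions must be set on the Canals Users page')
    elif not matched:
        problems.append("groups attribute present but contains no Canals group names")
    return name_id, matched, problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION))
```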