Already have Single Sign-On configured and looking to control user and role provisioning or make Single Sign-On mandatory? Jump to this article to learn more.

Step 1: Create an Okta Application

To build a SAML connection to Red Canary's portal, you'll need to set up a New App in Okta.  To do this, log into Okta as an administrator and select Applications from the top navigation menu.  

From the Applications screen, choose Add Application, then Create New App and select SAML 2.0:

Name the new application Red Canary Portal and click Next:

Step 2: Configure the Okta Application

You'll then need to configure the Okta connection to Red Canary's SAML service provider.  

  • Set Single sign on URL to https://<your_domain> 
  • Check Use this for Recipient URL Destination URL.
  • Set Audience URI (SP Entity ID) to the value listed in the Red Canary SSO configuration's Entity / Issuer value.
  • Set Name ID format to EmailAddress.
  • Set Application username to Email.
  • Set Attribute Statements using the format below (note: although the Okta interface indicates that the attribute statements are "optional", they are required for Red Canary):

Click Download Okta Certificate.

Save the Okta application.

Step 3: Prepare to configure Red Canary

Click View Setup Instructions:

 Copy the following set of URLs and values:

Step 4: Configure Red Canary

Head over to your Red Canary portal and navigate to Profile > Single Sign-On

  • Paste the text contents of the X.509 certificate into the Identity Provider X509 Cert field.
  • Set Identity Provider SSO Target URL to the Okta application's Identity Provider Single Sign-On URL.
  • Set Identity Provider SLO Target URL to the Okta Application's Identity Provider Single Signout URL.
  • Set Identity Provider Entity ID to the Okta application's Identity Provider Issuer.
  • Set Email Attribute to Email

Check This SSO configuration should be active and click Save Configuration.

That's it! Setting up SAML can be a giant pain in the butt, so if you have any issues, email us at

Did this answer your question?