Single Sign On implementations vary in how they handle user creation, role assignment, and whether SSO is mandatory or optional. The follow features are available in Red Canary's SSO implementation:

User provisioning 

If you would like Red Canary to automatically create a Red Canary user account for any user logging in via your SSO platform, check Automatically create a Red Canary user the first time a user is authenticated.

Activating this feature will allow any user you’ve granted access to Red Canary with your SSO identity provider to use Red Canary. This requires you to carefully manage application access in your SSO provider.

If you do not activate this feature, you must invite users to Red Canary using the standard Administration > Users > Invite User process. The invitation email must exactly match the user’s email in your SSO provider.

Automatic role granting

If you have activated automatic user provisioning, you can specify the roles that should be granted to a new user created by Red Canary by selecting roles under Grant the following roles to users when they first sign in

Note: These roles are ONLY applied on initial user creation, so they can be modified in the future without fear of Red Canary overwriting those manual role assignments.

Mandating Single Sign On logins

To mandate login via your SSO provider and disable username and password authentication, select Disable username / password login and require login via Single Sign On. This will force logins via your SSO provider.

Note: Removing a user from a portal does not fully delete the user, it removes their roles; the user still exists on the backend. Thus there is no user to create on the next SSO sign in because they already exist. If you select the "Grant these roles on EVERY sign in", it will assign them new roles and perform as they expected.

If your SSO provider information changes in any way that prevents SSO login from working, contact support@redcanary.com.

Did this answer your question?