Red Canary supports single sign-on (SSO) to any Security Assertion Markup Language (SAML)-compliant identity provider. PingOne is a commonly used identity provider that you can use to control access to Red Canary.
- Log into https://admin.pingone.com with your administrative account.
- Navigate to the applications section and click Add Application > New SAML Application.
- Set the Application Name to Red Canary.
- Set the Application Description and Category as you wish.
- Set the Application Icon to a Red Canary stamp from https://redcanary.com/brand/#stamp.
- Click Continue to Next Step.
- Set Assertion Consumer Service (ACS) to https://<your_domain>.my.redcanary.co/saml_sp/consume.
- Set Entity ID to the value listed in the Red Canary SSO configuration's Entity / Issuer value.
- Upload Red Canary's SAML signing certificate as the Primary Verification Certificate. Download the certificate here.
- Click Continue to Next Step.
- Map the Email Application Attribute to the Email Identity Bridge Attribute.
- Click Save and Publish.
- Download your SAML Metadata. This file contains your Entity ID, Identity Provider SLO Target URL, and Identity Provider X509 signing certificate.
- Click your user icon at the top right of your Red Canary, and then click Single Sign-on.
- Convert the Identity Provider X509 signing certificate you downloaded to Base64 and paste the text contents into the Identity Provider X509 Cert (Base64 encoded) field.
- Set Identity Provider SSO Target URL to the PingOne application's Initiate Single Sign-On (SSO) URL.
- Set Identify Provider SLO Target URL to https://sso.connect.pingidentity.com/sso/SLO.saml2.
- Set Identity Provider Entity ID to the https://pingone.com/idp/<customer>.
- Set Email Attribute to Email.
- Check This SSO configuration should be active (found at the top of the page).
- Click Save.
Comments
0 comments
Please sign in to leave a comment.