Red Canary supports single sign-on (SSO) to any SAML-compliant identity provider. PingOne is a commonly used identity provider that you can use to control access to Red Canary.
Setting up single sign-on to PingOne
To configure Red Canary to use PingOne as your SSO provider:
- Log into https://admin.pingone.com with your administrative account.
- Navigate to the applications section and click Add Application > New SAML Application.
- Set the Application Name to Red Canary.
- Set the Application Description and Category as you wish.
- Set the Application Icon to a Red Canary stamp from https://redcanary.com/brand/#stamp.
- Click Continue to Next Step.
- Set Assertion Consumer Service (ACS) to https://<your_domain>.my.redcanary.co/saml_sp/consume.
- Set Entity ID to the value listed in the Red Canary SSO configuration's Entity / Issuer value.
- Upload Red Canary's SAML signing certificate as the Primary Verification Certificate. Download the certificate here.
- Click Continue to Next Step.
- Map the Email Application Attribute to the Email Identity Bridge Attribute.
- Click Save and Publish.
- Download your SAML Metadata. This file contains your Entity ID, Identity Provider SLO Target URL, and Identity Provider X509 signing certificate.
- In Red Canary, click your profile > Single Sign-On in the site navigation.
- Convert the Identity Provider X509 signing certificate you downloaded to Base64 and paste the text contents into the Identity Provider X509 Cert field.
- Set Identity Provider SSO Target URL to the PingOne application's Initiate Single Sign-On (SSO) URL.
- Set Identify Provider SLO Target URL to https://sso.connect.pingidentity.com/sso/SLO.saml2.
- Set Identity Provider Entity ID to the https://pingone.com/idp/<customer>.
- Set Email Attribute to Email.
- Check This SSO configuration should be active.
- Click Save Configuration.
Setting up SAML can occasionally be problematic, so if you have any issues, submit a support case and we’ll jump on a call to debug with you (or check the troubleshooting guide).