Red Canary supports single sign-on (SSO) to any SAML-compliant identity provider. PingOne is a commonly used identity provider that you can use to control access to Red Canary.

Setting up single sign-on to PingOne

To configure Red Canary to use PingOne as your SSO provider:

Log into https://admin.pingone.com with your administrative account.
Navigate to the applications section and click Add Application > New SAML Application.
Set the Application Name to Red Canary.
Set the Application Description and Category as you wish.
Set the Application Icon to a Red Canary stamp from https://redcanary.com/brand/#stamp.
Click Continue to Next Step.
Set Assertion Consumer Service (ACS) to https://<your_domain>.my.redcanary.co/saml_sp/consume.
Set Entity ID to the value listed in the Red Canary SSO configuration's Entity / Issuer value.
Upload Red Canary's SAML signing certificate as the Primary Verification Certificate. Download the certificate here.
Click Continue to Next Step.
Map the Email Application Attribute to the Email Identity Bridge Attribute.
Click Save and Publish.
Download your SAML Metadata. This file contains your Entity ID, Identity Provider SLO Target URL, and Identity Provider X509 signing certificate.
In Red Canary, click your profile > Single Sign-On in the site navigation.
Convert the Identity Provider X509 signing certificate you downloaded to Base64 and paste the text contents into the Identity Provider X509 Cert field.
Set Identity Provider SSO Target URL to the PingOne application's Initiate Single Sign-On (SSO) URL.
Set Identify Provider SLO Target URL to https://sso.connect.pingidentity.com/sso/SLO.saml2.
Set Identity Provider Entity ID to the https://pingone.com/idp/<customer>.
Set Email Attribute to Email.
Check This SSO configuration should be active.
Click Save Configuration.

Setting up SAML can occasionally be problematic, so if you have any issues, submit a support case and we’ll jump on a call to debug with you (or check the troubleshooting guide).