Red Canary supports single sign-on (SSO) to any SAML-compliant identity provider. Microsoft’s Azure Active Directory is a commonly used identity provider that you can use to control access to Red Canary.
Setting up single sign-on to Azure AD
To configure Red Canary to use Azure AD as your SSO provider:
- Log in to your Microsoft Azure AD administration portal.
- Create a Non-gallery Enterprise application.
- Choose SAML-based Sign-on.
- Set SAML Version to 2.0.
- Set Identifier to the value listed in the Red Canary SSO configuration's Entity / Issuer value.
- Set Reply URL to https://<your domain>.my.redcanary.co/saml_sp/consume
- Set User Identifier to user.mail.
- Configure SAML Token Attributes. The values for these attributes are specific to your Active Directory configuration and may not match the example screenshot. You MUST provide LastName, FirstName, and Email WITHOUT any "Namespace" specified.
- Download the SAML signing certificate from AAD and convert the certificate to Base64-encoded text.
- Click Configure Red Canary Portal.
- Copy the AAD identity provider information (the SAML Single Sign-On Service URL, the SAML Entity ID, and the Sign-Out URL) for entry into Red Canary's SSO configuration. Note that these values will be different for every Active Directory identity provider.
- In Red Canary, click your profile > Single Sign-On in the site navigation.
- Paste the Base64-encoded signing certificate information you downloaded from AAD into the Identity Provider x509 Cert field.
- Paste the SAML Single Sign-On Service URL into the Identity Provider SSO Target URL field.
- Paste the SAML Entity ID into the Identity Provider Entity ID field.
- Paste the Sign-Out URL into the Identity Provider SLO Target URL field.
- Set Email Attribute to Email.
- Check This SSO configuration should be active.
- Click Save Configuration.
Setting up SAML can occasionally be problematic, so if you have any issues, submit a support case and we’ll jump on a call to debug with you (or check the troubleshooting guide).
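When a login fails after following the steps above, it helps to decode a test SAML response and check it against the settings in the procedure. The script below is an added example, not Red Canary or Microsoft code. The sample response and the `example` domain are constructed, and it assumes that a claim configured with a Namespace arrives with the name `<namespace>/<name>`.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("LastName", "FirstName", "Email")  # attribute names from the steps above
REPLY_URL = "https://example.my.redcanary.co/saml_sp/consume"  # placeholder domain

# Constructed sample (signature omitted): Email was configured with a Namespace.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0"
    Destination="https://example.my.redcanary.co/saml_sp/consume">
  <saml:Assertion Version="2.0">
    <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="FirstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="LastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/Email">
        <saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, reply_url=REPLY_URL):
    """Return a list of configuration problems in a decoded SAML response."""
    root = ET.fromstring(xml_text)  # local test capture only; no signature check
    problems = []
    if root.get("Version") != "2.0":
        problems.append("SAML Version is not 2.0")
    if root.get("Destination") != reply_url:
        problems.append(f"Destination {root.get('Destination')!r} is not the Reply URL")
    if not (root.findtext(".//saml:Subject/saml:NameID", "", NS) or "").strip():
        problems.append("NameID is empty (check the User Identifier mapping)")
    names = [a.get("Name", "") for a in root.iterfind(".//saml:Attribute", NS)]
    for wanted in REQUIRED:
        if wanted in names:
            continue
        # Assumption: a claim with a Namespace arrives as "<namespace>/<name>".
        hit = [n for n in names if n.lower().endswith("/" + wanted.lower())]
        problems.append(f"{wanted} sent with a namespace: {hit[0]}" if hit
                        else f"{wanted} attribute missing (saw {names})")
    return problems


if __name__ == "__main__":
    for problem in check_response(SAMPLE) or ["no problems found"]:
        print(problem)
```

The script only inspects attribute naming and routing fields in a response you captured yourself; it does not validate the signature and is not a substitute for the service provider's own checks.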