Canto supports the use of single sign-on with SAML 2.0.
If you are interested in learning more about our SSO service, please contact your Canto Account Manager.
If you have purchased SSO and are ready to begin with the setup, please create a support ticket in our Help Center and provide us with the following details:
- What identity provider (IDP) are you using, e. g. ADFS, Azure or G-Suite?
- Who should be able to log in to Canto? IDP users only or your IDP users + users that have been manually created in Canto and are not part of your IDP environment (e. g. agencies, partners or customers)?
- Do you want to manage Canto roles for your IDP users within your IDP or in Canto?
- Do you want to manage Canto groups for your IDP users within your IDP or in Canto?
By default, every new user created in Canto - that originates from your SSO environment - will be a Consumer user.
Depending on the setup (see #3 and #4 from the above questions) you need to adjust their roles as desired, either in Canto or in your SSO environment.
Below are setup guides for our most commonly connected IDPs:
If your system is not listed above but SAML 2.0 compatible, our technical team will be able to help with the configuration.
During the configuration, we will provide our service provider metadata details (XML file) to be used for configuration within your IDP.
We have three required login attributes which need to be sent over from your IDP for authorization:
- first name
- last name
- email address