In general, Canto always requires the following three attributes from the SSO SAML 2.0 system to authenticate:
- Attribute name - Email
- Attribute name - First Name
- Attribute name - Last Name
Additionally, if you want to manage Canto user roles in your SSO system and not in Canto, you need to create specific attributes.
Those attributes will then be mapped to roles in Canto.
Active Directory Federation Services (ADFS)
- Role attribute (attribute used to place role values): Active Directory Groups
- Canto Admin: CantoAdmin
- Canto Contributor: CantoContributor
- Canto Consumer: CantoConsumer
- Canto Custom Role: please contact our support team
Azure
- Role attribute (attribute used to place role values): Azure Groups
- Canto Admin: Azure ID of the Canto Admin group
- Canto Contributor: Azure ID of the Canto Contributor group
- Canto Consumer: Azure ID of the Canto Consumer group
- Canto Custom Role: Azure ID of the Canto Custom Role group
F5-APM
- Role attribute (attribute used to place role values): custom attribute "Canto-Role"
- Canto Admin: Admin
- Canto Contributor: Contributor
- Canto Consumer: Consumer
- Canto Custom Role: please contact our support team
Google G-Suite
- Role attribute (attribute used to place role values): custom attribute "Role"
- Canto Admin: Admin
- Canto Contributor: Contributor
- Canto Consumer: Consumer
- Canto Custom Role: please contact our support team
IBM-w3id
- Role attribute (attribute used to place role values): Undefined, any user who attempts to login will be placed as a Consumer
- Canto Admin: Undefined
- Canto Contributor: Undefined
- Canto Consumer: Undefined
- Canto Custom Role: please contact our support team
Okta
- Role attribute (attribute used to place role values): Okta Groups
- Canto Admin: CantoRoleAdmin
- Canto Contributor: CantoRoleContributor
- Canto Consumer: CantoRoleConsumer
- Canto Custom Role: please contact our support team
One Login
- Role attribute (attribute used to place role values): custom attribute "Canto Title"
- Canto Admin: CantoAdmin
- Canto Contributor: CantoContributor
- Canto Consumer: CantoConsumer
- Canto Custom Role: please contact our support team
Ping Federate
- Role attribute (attribute used to place role values): custom attribute "group"
- Canto Admin: CantoAdmin
- Canto Contributor: CantoContributor
- Canto Consumer: CantoConsumer
- Canto Custom Role: please contact our support team
Shibboleth
- Role attribute (attribute used to place role values): Undefined, any user who attempts to login will be created as a Consumer
- Canto Admin: Undefined
- Canto Contributor: Undefined
- Canto Consumer: Undefined
- Canto Custom Role: please contact our support team
WSO2
- Role attribute (attribute used to place role values): Undefined, any user who attempts to login will be created as a Contributor
- Canto Admin: Undefined
- Canto Contributor: Undefined
- Canto Consumer: Undefined
- Canto Custom Role: please contact our support team