In general, Canto requires the following three attributes from the SSO SAML 2.0 system to authenticate:

  • Attribute name - Email
  • Attribute name - First Name
  • Attribute name - Last Name


If you want to manage Canto user roles in your SSO system and not in Canto, you need to create specific attributes.

Those attributes will then be mapped to roles in Canto.


Active Directory Federation Services (ADFS)

  • Role attribute (attribute used to place role values): Active directory groups
  • Canto Admin: CantoAdmin
  • Canto Contributor: CantoContributor
  • Canto Consumer: CantoConsumer


Azure

  • Role attribute (attribute used to place role values): Azure groups
  • Canto Admin: CantoAdmin
  • Canto Contributor: CantoContributor
  • Canto Consumer: CantoConsumer


F5-APM

  • Role attribute (attribute used to place role values): custom attribute "Canto-Role"
  • Canto Admin: Admin
  • Canto Contributor: Contributor
  • Canto Consumer: Consumer


Google G-Suite

  • Role attribute (attribute used to place role values): custom attribute "Role"
  • Canto Admin: Admin
  • Canto Contributor: Contributor
  • Canto Consumer: Consumer


IBM-w3id

  • Role attribute (attribute used to place role values): Undefined, any user who attempts to login will be placed as a Consumer
  • Canto Admin: Undefined
  • Canto Contributor: Undefined
  • Canto Consumer: Undefined


Okta

  • Role attribute (attribute used to place role values): custom attribute "Role"
  • Canto Admin: Admin
  • Canto Contributor: Contributor
  • Canto Consumer: Consumer


One Login

  • Role attribute (attribute used to place role values): custom attribute "Canto Title"
  • Canto Admin: CantoAdmin
  • Canto Contributor: CantoContributor
  • Canto Consumer: CantoConsumer


Ping Federate

  • Role attribute (attribute used to place role values): custom attribute "group"
  • Canto Admin: CantoAdmin
  • Canto Contributor: CantoContributor
  • Canto Consumer: CantoConsumer


Shibboleth

  • Role attribute (attribute used to place role values): Undefined, any user who attempts to login will be created as a Consumer
  • Canto Admin: Undefined
  • Canto Contributor: Undefined
  • Canto Consumer: Undefined


WSO2

  • Role attribute (attribute used to place role values): Undefined, any user who attempts to login will be created as a Contributor
  • Canto Admin: Undefined
  • Canto Contributor: Undefined
  • Canto Consumer: Undefined