Canto requires the following three attributes from the SSO SAML 2.0 system to authenticate:

  • Attribute name - Email
  • Attribute name - First Name
  • Attribute name - Last Name


For the systems listed below, there are predefined attributes which Canto looks for, from the SSO system. Creating the specific attributes allows user control from your SSO system.

(If you would like to use different attributes for Canto than the ones listed, customization is possible.)


Active Directory Federation Services:

Role Attribute (attribute used to place role values): Active directory groups with names CantoAdmin, CantoContributor, CantoConsumer

Role for Admin: Assign user to FlightAdmin group

Role for Contributor: Assign user to FlightContributor group

Role for Consumer: Assign user to FlightConsumer group


One Login:

Role Attribute (attribute used to place role values): Canto Title

Role for Admin: CantoAdmin

Role for Contributor: CantoContributor

Role for Consumer: CantoConsumer


Ping Federate:

Role Attribute (attribute used to place role values): group

Role for Admin: CantoAdmin

Role for Contributor: CantoContributor

Role for Consumer: CantoConsumer


Shibboleth:

Role Attribute (attribute used to place role values): Undefined, any user who attempts to login will be placed as a Consumer

Role for Admin:

Role for Contributor:

Role for Consumer:


WSO2:

Role Attribute (attribute used to place role values): Undefined, any user who attempts to login will be placed as a Contributor. 

Role for Admin:

Role for Contributor:

Role for Consumer:


G-Suite:

Role Attribute (attribute used to place role values): Role

Role for Admin: Admin

Role for Contributor: Contributor

Role for Consumer: Consumer


Okta:

Role Attribute (attribute used to place role values): Role

Role for Admin: Admin

Role for Contributor: Contributor

Role for Consumer: Consumer


IBM-w3id:

Role Attribute (attribute used to place role values): Undefined, any user who attempts to login will be placed as a Consumer

Role for Admin:

Role for Contributor:

Role for Consumer:


F5-APM:

Role Attribute (attribute used to place role values): Canto-Role

Role for Admin: Admin

Role for Contributor: Contributor

Role for Consumer: Consumer