Please refer to the below list of common questions asked regarding Red Canary Single Sign-On (SSO), and contact Support if there are any further questions we can help with.
-
Have you integrated with Okta before? If yes how?:
- Yes. Please refer to Set up single sign on to Okta
-
Does the application support SAML 2.0? (If custom SAML integration):
- Yes. Please refer to: Set up single sign on to Okta
-
If yes, please provide:
- Single Sign on URL: https://[subdomain].my.redcanary.co/saml_sp/consume
- Audience URI (SP Entity ID): https://my.redcanary.co
-
If it is a OIN(Okta Integration Network), please provide base URL or ACS URL or Domain name, etc
- It is not on OIN
-
What is the default username format - example email address, LDAP ID:
- Email address. Please refer to: Set up single sign on to Okta
-
Is automated provisioning/de-provisioning supported by the application? If Yes what type?
- (Just in Time(JIT) or RESTFul API):
- Provisioning. Upon first logon (default permissions configurable).
-
Is there a sandbox environment available? If yes, Please provide details:
- No sandbox available
-
If it is a custom SAML integration, please provide Single Sign on URL and Audience URI (SP Entity ID):
- SSO URL: https://[subdomain].my.redcanary.co/saml_sp/consume
- Audience URI: https://my.redcanary.co
- Refer to Step 2: Set up single sign on to Okta
-
What is your application session timeout value? Can it be configured?:
- Default 30 minute session timeout.
- Configurable: https://[subdomain].my.redcanary.co/account/settings/security_settings/edit
-
How will users access the application when (rarely if ever!) Okta is down, or would you prefer to wait until Okta is back online?:
- You can enforce SSO only authentication or have local accounts to fallback on. Your choice.
- “Disable username / password login and require login via Single Sign On” Checkbox on https://subdomain.my.redcanary.co/account/settings/sso/edit
-
Can SSO and MFA be used at the same time ?
- The Red Canary MFA setting are used with Red Canary accounts (username/password) and will not prompt when SSO-only is used.
- MFA options can be set but that will be based on and configured with the SSO provider.
-
What if I need to move my Azure SSO to another tenant?
- You will need to temporarily disable SSO (reference Disabling or bypassing Red Canary Single Sign-On (SSO)) and perform a password reset on their account and login to confirm they can use local account info
- Once new tenant is online, you can log back into Red Canary and configure Azure SSO again using new information (Setting up Single Sign-On With Microsoft Azure Active Directory). NOTE: You may want to confirm that if any email domain changes will occur with tenant move to avoid issues with logging in once new SSO configuration is complete)