This guide will walk you through the steps to configure OneLogin SCIM and SSO with your Canny company. After completing this, you will be able to automatically provision and deprovision your OneLogin users as admin members of your Canny company. SSO will allow your users to access a one-click button within their OneLogin dashboard that will automatically log them into their Canny account.
The OneLogin integration is available to customers on our Business plan. If you’re interested in adding OneLogin to your account, contact us.
To set up the integration, you must be an admin in both Canny and your OneLogin organization.
1. First you’ll need to install the Canny app within your OneLogin organization. In OneLogin, go to the Applications tab and then click Add App. Search for "canny" and then click our app to begin the installation process.
2. Next you'll see the initial configuration page like below. Make sure the "Visible in portal" toggle is enabled so that employees that are granted access to Canny will be able to see the one-click button in their OneLogin portal. Click Save to continue.
3. In another browser tab, open Canny and navigate to your OneLogin settings page which looks like below. First you'll need to click Generate SCIM Token. Next, copy the SCIM Bearer Token which is a secret code you'll need in the next step below.
4. Back in the OneLogin admin tab, go to the Canny Configuration settings and paste the SCIM Bearer Token into the field as seen below. In the SCIM Base URL field, copy the default value and paste it into the field above. Finally, click Enable to save the SCIM configuration.
5. Go to the Parameters settings and ensure that it looks like the screenshot below. Most importantly, the Email field must be the OneLogin user's email address which must be unique across the entire company.
6. Go to the Provisioning tab and toggle "Enable provisioning" on. Make sure that you configure the delete user action to be either "Delete" or "Suspend" so that the user is properly removed from your Canny company. Click Save to finish this step.
7. Go to the SSO tab and copy the Client ID, Client Secret, and the Issuer URL domain. These three values will be used in the next step.
8. Go back to the Canny OneLogin settings tab and paste in your OneLogin Domain, Client ID, and the Client Secret. Click Connect OneLogin to start the verification process. A new tab should open and you'll be prompted to log into OneLogin unless you are already. After this confirmation flow completes, you have successfully completed the OneLogin setup process.
Granting Users Access to Canny
Now that you've configured OneLogin provisioning and SSO, you may grant users access to Canny. The steps below walk you through granting access for a single user to verify the entire flow works.
1. In OneLogin, go to a user and enable the Canny application for them. Click Continue.
2. Make sure "Allow the user to sign in" is enabled and then click Save.
3. Next, click Pending and approve the user to be provisioned within Canny. After they become provisioned, you should see a green check mark here.
4. Finally, this user can now access the Canny app from their OneLogin dashboard. Once they click Canny, a new tab will open and they'll automatically be logged into their Canny account.
Finally, for Canny business customers, we also support provisioning users with an admin role. As an example, the following steps will show you how to provisions users of a group in OneLogin as Product Managers in Canny.
1. In OneLogin, navigate to the Canny application and click Rules.
2. Next, click the Add Rule button.
3. First, let's name this rule "Product Managers".
4. Conditions in OneLogin can be based off of Roles, Departments, Titles, but for our example we are going to make the condition for all users in the Group called "Product Managers". To do so we'll click the plus icon and select Group, is, and Product Managers.
5. Next we are going to define this rule's action, which is to pass a role when a user is provisioned. To do that we will select Set Role in Canny from the dropdown, click the Map from OneLogin radio, select - Macro - from the second dropdown, then type in productManagers into the input. If you want to provision a user as an Admin the input is admin or if you want to provision the user as a Contributor the input is contributor.
6. Finally, try provisioning a user in the Product Managers group then go to your Canny Admins settings page to confirm they've been added to your team with the correct role!
Let us know if you have any questions and happy Canny-ing!