This guide will walk you through the steps to configure OneLogin SCIM and SSO with your Canny company. After completing this, you will be able to automatically provision and deprovision your OneLogin users as admin members of your Canny company. SSO will allow your users to access a one-click button within their OneLogin dashboard that will automatically log them into their Canny account.
The OneLogin integration is available to customers on our Business Plan. If you’re interested in adding OneLogin to your account, contact us.
To set up the integration, you must be an admin in both Canny and your OneLogin organization.
1. First you’ll need to install the Canny app within your OneLogin organization. In OneLogin, go to the Applications tab and then click Add App. Search for "canny" and then click our app to begin the installation process.
2. Next you'll see the initial configuration page like below. Make sure the "Visible in portal" toggle is enabled so that employees that are granted access to Canny will be able to see the one-click button in their OneLogin portal. Click Save to continue.
3. In another browser tab, open Canny and navigate to your OneLogin settings page which looks like below. First you'll need to click Generate SCIM Token. Next, copy the SCIM Bearer Token which is a secret code you'll need in the next step below.
4. Back in the OneLogin admin tab, go to the Canny Configuration settings and paste the SCIM Bearer Token into the field as seen below. In the SCIM Base URL field, copy the default value and paste it into the field above. Finally, click Enable to save the SCIM configuration.
5. Go to the Parameters settings and ensure that it looks like the screenshot below. Most importantly, the Email field must be the OneLogin user's email address which must be unique across the entire company.
6. Go to the Provisioning tab and toggle "Enable provisioning" on. Make sure that you configure the delete user action to be either "Delete" or "Suspend" so that the user is properly removed from your Canny company. Click Save to finish this step.
7. Go to the SSO tab and copy the Client ID, Client Secret, and the Issuer URL domain. These three values will be used in the next step.
8. Go back to the Canny OneLogin settings tab and paste in your OneLogin Domain, Client ID, and the Client Secret. Click Connect OneLogin to start the verification process. A new tab should open and you'll be prompted to log into OneLogin, unless you are already. After this confirmation flow completes, you have successfully completed the OneLogin setup process.
Granting Users Access to Canny
Now that you've configured OneLogin provisioning and SSO, you may grant users access to Canny. The steps below walk you through granting access for a single user to verify the entire flow works.
1. In OneLogin, go to a user and enable the Canny application for them. Click Continue.
2. Make sure "Allow the user to sign in" is enabled and then click Save.
3. Next, click Pending and approve the user to be provisioned within Canny. After they become provisioned, you should see a green check mark here.
4. Finally, this user can now access the Canny app from their OneLogin dashboard. Once they click Canny, a new tab will open and they'll automatically be logged into their Canny account.
Let us know if you have any questions!