Configuring SAML for Instructure Canvas
REQUIRED ACCOUNT/PERMISSION LEVEL
Bitium: All account levels; must be an admin to set up
Canvas: Must have Admin permissions to set up
Go to “Manage Apps.”
Select “Instructure Canvas” from the list of installed apps.
Select the “Single Sign-On” tab.
From the dropdown, select “SAML Authentication.”
Leave your Bitium window open.
- Log into Canvas.
- Go to the Admin view, hover over “Courses,” go to “Manage Accounts,” then to the Organization for which you would like to enable SAML.
- On the left side of the screen, click on “Authentication.”
- On the right side of the screen, there should now be a drop-down menu: click “SAML.”
- Click the button for “Add new SAML config.”
You will now be able to see the following screens in both Bitium and Canvas (the numbers correspond to the order of the steps outlined in the section below):
In Bitium & Canvas:
- Copy Entity ID from Bitium and paste it into the IdP Entity ID field in Canvas.
- Copy Login URL from Bitium and paste it into the Log On URL field in Canvas.
- Copy Logout URL from Bitium and paste it into the Logout URL field in Canvas.
- Leave the Change Password Link blank (in Canvas).
- Copy the X.509 Certificate Fingerprint from Bitium and paste it into the Certificate Fingerprint field in Canvas.
- Set the Login Attribute in Canvas to equal “NameID.”
- Set Identifier Format in Canvas to equal urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
- Set Authentication Context in Canvas to equalurn:oasis:names:tc:SAML:2.0:ac:classes:Password.
- Write Login in the Login Label field.
- In Canvas click “Save Authentication Settings.”
- In Bitium go back to the Single Sign-On tab for Instructure Canvas and click the “Save Changes” button.
SAML Enabled will be illuminated in green once completed.