Community

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
EvanDonovan
Community Member

Can the login + password method of logging in be disabled in the Canvas Student app?

Jump to solution

Can the login + password method of logging in be disabled in the Canvas Student mobile app?

All of our students are created in Canvas via an SIS integration, so they do not have passwords in Canvas. When they use Canvas on the web, they always log in via SAML.

However, when they download the Canvas Student mobile app, it takes them by default to log in via a login + password, even though SAML is set as our default login method on the web.

We have attempted to clarify for students that they will need to use the QR code to log in on the Canvas Student app, but this is still a frequent source of questions. Is there a way to disable the login + password method of logging on the Canvas Student app for our institution so that all our students would have to use the QR code method?

Tags (3)
2 Solutions

Accepted Solutions
chriscas
Community Champion

Hi @EvanDonovan,

That's definitely strange behavior and not something we have ever encountered at our institution.  As long as SAML is the first authentication provider listed, that's what students should be lead through even on the app.  If all of your logins are done through SAML, you could try disabling the canvas authentication completely in your auth settings.  Depending how you provision users, you could also include the auth provider as part of your users.csv upload, though I'm not sure if that would help in this case or not.

-Chris

View solution in original post

Hi @EvanDonovan 

Is it possible for you to make a short video of what happens with the mobile app and post a link to it here?  In my experience, when someone first launches the app, they're asked to select their institution (either enter the name or the canvas url), then the authentication flow from there is the same as the web.  I wonder if your SAML provider is rejecting requests from the app for some reason and then it's moving down to the next auth provider in the list (the canvas built-in).  Seeing a video *might* help someone here figure this out more.  If you have someone at Instructure helping with implementation, I'd also run this by them, as what you're describing is not the experience we have with SAML here at all.

-Chris

View solution in original post

7 Replies
chriscas
Community Champion

Hi @EvanDonovan,

That's definitely strange behavior and not something we have ever encountered at our institution.  As long as SAML is the first authentication provider listed, that's what students should be lead through even on the app.  If all of your logins are done through SAML, you could try disabling the canvas authentication completely in your auth settings.  Depending how you provision users, you could also include the auth provider as part of your users.csv upload, though I'm not sure if that would help in this case or not.

-Chris

Thanks - what you say makes sense. We are just now starting to use Canvas, so we have other things to focus on for now, but I will make a note of this to look into your suggested solutions later.

We do have faculty & staff that have passwords, and thus could login without using SAML. But they also can log in using SAML, so in theory we could disable the regular authentication entirely. I just don't want to do that right as our first term in Canvas is starting, in case it doesn't work as expected.

Hi @EvanDonovan ,

That does make some sense, and I totally understand now wanting to mess with settings in production now (you could, however, try some things in your test or beta environment).  Which provider is listed first on your authentication settings page?  In your situation, I'd put SAML first (so Canvas would default to that).  If it works for faculty and students, great!  For faculty who can't auth through SAML for whatever reason, you can give them the direct URL for canvas built-in auth (https://<canvas_url>/login/canvas) and that would get them in.  You can also set up a webpage with the different login options (with links), explaining who should use each.  You'd then set that webpage as your discovery page in the Canvas authentication settings.

-Chris

Thanks, I did set SAML as the first login method. I haven't looked into any more advanced items like discovery pages though, since I am new to handling SAML.

I should probably learn how the test environment works soon. We didn't have a test environment on our old system so I always had to do things in test courses or between terms.

The other day I saw an example of a Canvas instance that had links to the different login pages. So that did seem nice. I don't think it would be needed in our case though because 99% of users should be able to use SAML. The problem we're encountering is really just with the mobile app asking for passwords, not with anything on the web.

Hi @EvanDonovan 

Is it possible for you to make a short video of what happens with the mobile app and post a link to it here?  In my experience, when someone first launches the app, they're asked to select their institution (either enter the name or the canvas url), then the authentication flow from there is the same as the web.  I wonder if your SAML provider is rejecting requests from the app for some reason and then it's moving down to the next auth provider in the list (the canvas built-in).  Seeing a video *might* help someone here figure this out more.  If you have someone at Instructure helping with implementation, I'd also run this by them, as what you're describing is not the experience we have with SAML here at all.

-Chris

I think you are probably right. It is probably that our SIS can't handle SAML requests from mobile. I think I will just leave this to investigate further at a different time.