We have setup our Canvas instance to use SAML for auth using our Office 365 credentials. I followed the steps here: Tutorial: Azure Active Directory Integration with Canvas LMS | Microsoft Azure and everything worked flawlessly, first time.
Now comes the problem - a lot of our staff are due for Canvas training next month, and will be using the test site. Whenever we try to login to the test site Office 365 can't log us in and returns a 'bad request' error. I presume this is because Office 365 has our main site set as the website to log users in to?
Has anyone else come across this problem before, or is there a better way to set up single sign-on that works for all 3 sites?
Many thanks in advance for any help or advice!
Our Canvas implementation team was terrific in problem solving the few issues when we launched Azure a year ago but I haven't set up the test server using Azure. To access our test or beta servers, we use the bypass login: https://schoolname.test.instructure.com/login/canvas. In addition, the users need to know their Canvas username and password since we set their Canvas password when we generate their accounts.
Shoreline Community College
We are giving the Canvas Admins area a little bit of love (especially questions that are really, really old) and just want to check in with you. This will also bring this question new attention.
Were you able to find an answer to your question? I am going to go ahead and mark this question as answered because there hasn't been any more activity in a while so I assume that you have the information that you need. If you still have a question about this or if you have information that you would like to share with the community, by all means, please do come back and leave a comment. Also, if this question has been answered by one of the previous replies, please feel free to mark that answer as correct.
We were able to add Azure SAML auth to all of our env per this document; however the other issue is now limiting access based on AD groups per environments. It uses the same AD groups as production, we can't figure out how to limit it without killing prod.
Setting up a completely separate SAML entry does not work and even if it did, it would be overwritten every week/month from production clone. Lastly, our admins generally dislike the idea of using one SSO registration for multiple environments. Sounds like a Canvas design flaw to me.