Official Canvas Document
Single Sign On (SSO) is a functionality that many schools will configure during the implementation phase of transitioning to Canvas online with their institution. SSO provides many benefits, not the least being that after users sign in to one of the services at an institution they are automatically authenticated into any other service that uses SSO. The user is only required to remember one set of credentials.
LDAP represents a shared authentication methodology. It retains the benefit of remembering only a single username and password but a user must sign in to each service using that set of credentials.
When Instructure Canvas receives a successful identity assertion from any of its supported authentication integrations, it searches for a user 'login' that matches the value of the asserted identity. If it finds a matching login, it logs in the associated user account.
LDAP is used for authentication only. Adding a new account to an LDAP tree does not automatically create an account in Canvas.
This article describes the process of configuring and debugging ADFS authentication to work with Canvas.
This is the typical workflow of LDAP once it is enabled.
During the login process:
|Is LDAP running on the LDAPS port (usually port 636)?||Is LDAP running on the normal LDAP port (port 389)?|
|Simple TLS||Start TLS|