We've been investigating options to allow collaborators/guest lecturers/etc. from outside our institution access to our Canvas instance. One thought that has come up is using InCommon for authentication, after we have created user accounts with the necessary id@domain login.
I was able to do this a few years ago in Blackboard, but I was running the server locally and had a local discovery service set up under IIS to handle it. I can't see any way to do something similar in Canvas.
We can point to the InCommon discovery service to get redirected to individual institutions' IdPs, but I'm not seeing a clear way to allow those to be recognized as valid auth providers for existing users. Is this something that anyone else has looked at?
InCommon Federation is an identity management federation operator for U.S. education and research institutions. It provides a common framework for trusted shared management to access online resources. InCommon uses SAML-based authentication and authorization systems for scalability and trusted collaborations among its community of participants.
Users are able to access federation services using a single user account and password. Affiliated users can employ the user IDs assigned to them by their home universities to access and use numerous services instead of having to maintain and use different accounts.
Yes, I'm familiar with InCommon and federated authentication in general.
My question is about providing access to Canvas through InCommon federated logins without needing to add an individual SAML authentication source in Canvas for each of the thousands of InCommon members, similar to the way it works for services like EduRoam.