cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Community Member

Use SSO integration to limit access

Jump to solution

Hi,

We have SSO integration enabled in our Canvas instance and have a question on this. There are some people that we  want to not be able to login to Canvas.

Is there any way to limit access to certain users?

- For example, we want to send a certain attribute in a way that, depending on the value of that one, Canvas give access to the user. Is there any attribute that Canvas look at?

1 Solution

Accepted Solutions
Highlighted
Community Advocate
Community Advocate

Hi Carlos,

I am not aware of any attribute you could send to Canvas to determine whether or not a person gets access.  But for someone to have access to Canvas the must first have a user account created in Canvas, so even if the user has an account with #sso you're using unless they have a matching account in Canvas they would not be able to get in. 

Even if the user has an account in Canvas unless that user has a role associated with them or enrolled into a course that user would not be able to get to or do anything within Canvas. 

If the user has an account within Canvas and you wish to revoke that account without deleting it you can always change the sso login username and when that user tries to log into Canvas they will be unable to do so because the log in information does not match what is in Canvas. 

View solution in original post

3 Replies
Highlighted
Community Advocate
Community Advocate

Hi Carlos,

I am not aware of any attribute you could send to Canvas to determine whether or not a person gets access.  But for someone to have access to Canvas the must first have a user account created in Canvas, so even if the user has an account with #sso you're using unless they have a matching account in Canvas they would not be able to get in. 

Even if the user has an account in Canvas unless that user has a role associated with them or enrolled into a course that user would not be able to get to or do anything within Canvas. 

If the user has an account within Canvas and you wish to revoke that account without deleting it you can always change the sso login username and when that user tries to log into Canvas they will be unable to do so because the log in information does not match what is in Canvas. 

View solution in original post

Highlighted

Thanks for your answer Brian!

And do you know if is there any way of changing user roles in a global way. For example, under certain conditions, remove all teacher enrollments for the user?

We know that we can do it via API but we want to know if is there any mechanism implemented into the SSO integration.

Highlighted

Hi Carlos,

While changing a users #account role changes their access globally, there is not a way to remove a #course level role like the teacher enrollment with one call. As you stated that has to be done via an api call to each course the instructor was enrolled in.