Can anybody help on the single sign on solution without using the third party identity provider?
Can you give us more details about how you are hoping to set things up? Do you have an SSO that you are using for other applications at your institution?
A "single sign-on" is an authentication provider that is shared by many applications, so it is a "third party" (outside of Canvas) by definition. Canvas is able to integrate with many standard SSO types like SAML and CAS without too much difficulty, if you are already using one of those.
We have a student management system used by many colleges and universities in Australia. recently we have completed the system integration with Canvas LMS. Now the colleges are looking for a solution to login in canvas without requiring the canvas credentials. In other words, we need a solution that we can simply redirect to canvas student portal without logging into canvas platform via our SMS system. One of the ways to achieve is via Microsoft 365 account which canvas allows performing single sign-on. But I am trying to understand how it works. Have you had this kind of situation? It will be great if you can help us to achieve this.
In a very general sense, there has to be some way to associate the students' account information on the SMS system with their user information in Canvas. How is authentication handled in the the SMS system?
The user login with the user name and password which they get while enrolling the student. We have already integrated with canvas platform and we also create a canvas user profile using the using lms API.
Now, we have a requirement that user clicks on some icon inside our system and we should redirect the student to their profile in canvas platform without the need of login in canvas platform.
This process should happen seamlessly and we should not display any login popup (login to Microsoft account). Do you think this is achievable?
Can I please ask which SMS/SIS you are using and how it integrates with Canvas today. Being an Aussie myself, I might be able to give some product specific insights if I know what the products are.
Look forward to hearing from you.
We are a software development company in Sydney. We have our own student management system which is being used by many providers such as colleges and universities. If you could share some idea about your experience of using single sign-on with canvas platform, that would be great. Many thanks.
At UTS I worked on several SSO integrations when we originally tested things prior to our production release of Canvas including SAML (Shibboleth), Office 365 (AzureAD), and LDAP (purely as a test but we opted for Shibboleth rather than LDAP).
Previously, I had also had discussions with Instructure about the Australian Access Federation (AAF), when we went live, it unfortunately wasn't there, so we opted for Shibboleth instead.
Obviously the other part I am keen to understand is the overall proposed architecture (I anticipate you are planning for a client/clients) i.e. not just now you are planning SSO, but how the user accounts get into the system(s) as that has impacts when selecting an SSO platform (as you will need to ensure the identifiers match up, in the case of SAML email or ID, AzureAD (O365) email, and so on).
Look forward to hearing from you!
Could you share some idea on how to achieve this using office365 (Azure AD)?
Our scenario is, we have a SMS system and we create canvas users with same credentials using canvas LMS API. The integration has been completed successfully. Now, we have a requirement that user clicks on some icon inside our system and we should redirect the student to their profile in canvas platform without the need of login in canvas platform.
That would certainly be achievable with one caveat, you would need to be using Office 365 as your SSO provider on your SMS. For a true single-sign-on to work with AzureAD (or any other provider) the systems would both need to use the same SSO provider.
If you enable AzureAD login via O365 on your SMS and then configure the out of box integration to the 'Microsoft' authentication provider then once a student logs into your SMS, they will be auto logged in and a link to their Canvas instance will take them straight to their dashboard without requiring another login.
From what I have read, I believe you are the SMS vendor (if I have misinterpreted, my apologies), if that is the case I would recommend considering a wider architectural picture of how you might do this regardless of the SSO backend that a particular institution uses. Totally doable, but needs broader consideration for the likes of SAML/LDAP/AAF/etc.
Hope that helps!Stuart
Were you able to find an answer to your question? I am going to go ahead and mark this question as answered because there hasn't been any more activity in a while so I assume that you have the information that you need. If you still have a question about this or if you have information that you would like to share with the community, by all means, please do come back and leave a comment. Also, if this question has been answered by one of the previous replies, please feel free to mark that answer as correct.
I am still unable to achieve single sign on.
Hello, Raju Chapagain, we're sorry to hear that this isn't resolved. In reviewing the thread, I see that a while back Michael Zimmerman asked you for additional information; please provide the details he requested so our members can continue to help you troubleshoot.
Thank you. I am replying into Michaels comment.
Retrieving data ...