Canopy gives you the option to log into the system via Single Sign-On (SSO). This means that you can use your organisation's chosen IT authentication as your access to Canopy. This avoids having to remember a separate password for Canopy, and gives your IT team greater flexibility when managing user access to Canopy (for example, when an employee leaves the business).
In this article you will learn:
Logging into Canopy via SSO for the first time
Logging into Canopy without a pre-existing user account
Logging into Canopy with an existing user account
What to do if SSO stops working?
How to set up SSO
If you wish to set up SSO on your instance of Canopy, please talk to your Administrator.
Detailed documentation for the setup of SSO can be found here.
Logging into Canopy via SSO for the first time
Once SSO is enabled, any employee who is registered within your organisation's authentication service will be able to log into Canopy.
The experience of the user will vary depending on whether the user has already been created direct on Canopy, or not.
Logging into Canopy without a pre-existing user account
If the user does not already exist on Canopy, the first time they log in via SSO, they will be granted the permissions of a Standard User. This means they can browse and view supplier information, and may be assigned as a Business Owner. But they are not granted higher permissions such as performing approvals.
If the user needs to be granted additional permissions, please refer to this article to amend the user role(s) associated with the user.
Logging into Canopy with an existing user account
If the user already has an account on Canopy that matches the email address used to log in via SSO, the first time the user logs in via SSO, Canopy will automatically log them into their existing user account. This means the user will have the same user permissions they are used to.
Logging into Canopy using their original Username and Password will continue to work.
Suspending users with SSO
Any user who has access to your organisation's authentication service will continue to have access to Canopy via SSO. If you wish to suspend an SSO user on Canopy, you must both suspend them within the Canopy system and remove them from your SSO authentication service.
Click here for more information about how to suspend a user from Canopy.
What to do if SSO stops working?
If some reason the SSO connection stops working, all users who have previously logged into Canopy will continue to be able to do so using their Username and Password.
The user's Username will be the email address they use for SSO.
If the user has not already created a password on Canopy, they may do so by resetting their password. You can find out more about how to do this by reading this article.