Canopy is able to support user access via Single Sign-On (SSO) across a wide variety of authentication providers.
This article provides the technical documentation required to set up SSO using Microsoft Azure AD.
If your organisation uses a different authentication service, please refer to the other documentation in this Knowledge Centre, or get in touch with your Canopy Account Manager.
Introduction
Canopy is integrated with Keycloak for access management.
More information about Keycloak can be found here (https://www.keycloak.org/)
Step 1: set up the application within your Azure AD environment
We recommend you set up two applications, one for the Stage (i.e. Test) environment and one for the Production (i.e. Live) environment.
Register two applications within your Azure AD as per these instructions:
https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-ap
For the credential type, use a client secret (Keycloak's Microsoft identity provider authenticates to Azure AD as a confidential client using the application ID and secret; certificates are not used for this integration).
You will need to add the following redirect URIs (platform: Web) during the setup. Azure AD matches redirect URIs exactly, so copy them verbatim, including the scheme and without a trailing slash.
Stage: https://stage-spw.canopy-sm.com/auth/realms/spw-stage/broker/microsoft/endpoint
Production: https://spw.canopy-sm.com/auth/realms/spw/broker/microsoft/endpoint
Step 2: share the application details with your Canopy Account Manager
Please tell us whether the registered applications are single or multi-tenant, and then provide the relevant information below for each app:
For single tenant, please provide:
- The Tenant ID, or the OpenID Connect metadata document URL
- The application (client) ID
- The client secret (the secret value, not the secret ID shown next to it)
For multi tenant, please provide:
- The application (client) ID
- The client secret (the secret value, not the secret ID shown next to it)
Step 3: ensure the 'secret' is kept up to date
A client secret has an expiry date that you choose when you create it in Azure AD. Please tell us the expiry date you selected, set yourself a reminder, and provide the replacement secret before the current one expires: once it has expired, SSO logins to Canopy will fail until the new secret is in place. Share secrets with your Account Manager over a secure channel rather than in plain email.
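The following pre-flight script is an added example, not Canopy's or Keycloak's own code. It checks the details from Steps 1 to 3 before you hand them over: that the IDs are GUIDs, that the redirect URIs registered in Azure match the Keycloak broker endpoints listed in Step 1 (Azure compares them exactly, so a stray trailing slash breaks the callback), that the OpenID Connect metadata URL is derived correctly for the single- or multi-tenant case, and that the client secret is not about to expire. The tenant ID, client ID and expiry date in the sample input are constructed values, not real ones.

```python
"""Pre-flight check for the Azure AD app details to send to Canopy.

Added example, not Canopy's or Keycloak's code. Assumes the redirect URLs
listed in this article and the standard Azure AD v2.0 discovery URL layout.
All IDs and dates in SAMPLE are constructed, not real.
"""
import re
import uuid
from datetime import date

# Keycloak broker endpoints from Step 1 of this article.
REDIRECT_URLS = {
    "stage": "https://stage-spw.canopy-sm.com/auth/realms/spw-stage/broker/microsoft/endpoint",
    "production": "https://spw.canopy-sm.com/auth/realms/spw/broker/microsoft/endpoint",
}

# Keycloak's identity-provider callback always has this shape:
# https://<host>/auth/realms/<realm>/broker/<idp alias>/endpoint
BROKER_ENDPOINT = re.compile(r"^https://[^/]+/auth/realms/[^/]+/broker/[^/]+/endpoint$")


def is_guid(value: str) -> bool:
    """Azure AD tenant IDs and application (client) IDs are GUIDs."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False


def metadata_url(tenant: str, multi_tenant: bool = False) -> str:
    """OpenID Connect discovery document for the app's sign-in audience.

    Single-tenant apps are addressed by tenant ID; multi-tenant apps use the
    'organizations' endpoint, which is why the article does not ask
    multi-tenant customers for a tenant ID.
    """
    segment = "organizations" if multi_tenant else tenant
    return f"https://login.microsoftonline.com/{segment}/v2.0/.well-known/openid-configuration"


def check_redirect(env: str, configured: str) -> list:
    """Compare a redirect URI registered in Azure with the one Canopy expects.

    Azure AD matches redirect URIs exactly (scheme, host, path, trailing
    slash), so anything other than equality fails the callback.
    """
    problems = []
    if not BROKER_ENDPOINT.match(configured):
        problems.append(f"{env}: '{configured}' is not a Keycloak broker endpoint")
    if configured != REDIRECT_URLS[env]:
        problems.append(f"{env}: expected {REDIRECT_URLS[env]}")
    return problems


def secret_status(expires_iso: str, today_iso: str, warn_days: int = 30) -> str:
    """Step 3: flag a client secret that has expired or is about to."""
    remaining = (date.fromisoformat(expires_iso) - date.fromisoformat(today_iso)).days
    if remaining < 0:
        return "expired"
    if remaining <= warn_days:
        return f"renew-now ({remaining} days left)"
    return f"ok ({remaining} days left)"


def preflight(details: dict, today_iso: str) -> dict:
    """Return the checklist Canopy asks for in Step 2, plus any problems found."""
    problems = []
    if not is_guid(details["client_id"]):
        problems.append("client ID is not a GUID")
    multi = details["multi_tenant"]
    if not multi and not is_guid(details.get("tenant_id", "")):
        problems.append("single-tenant app needs the tenant ID")
    for env, uri in details["redirect_uris"].items():
        problems.extend(check_redirect(env, uri))
    return {
        "sign_in_audience": "multi-tenant" if multi else "single-tenant",
        "metadata_url": metadata_url(details.get("tenant_id", ""), multi),
        "client_id": details["client_id"],
        "secret": secret_status(details["secret_expires"], today_iso),
        "problems": problems,
    }


# Constructed sample input (not a real tenant, application or secret).
SAMPLE = {
    "multi_tenant": False,
    "tenant_id": "11111111-2222-3333-4444-555555555555",
    "client_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "redirect_uris": {
        "stage": REDIRECT_URLS["stage"],
        # Deliberate mistake: trailing slash on the production callback.
        "production": REDIRECT_URLS["production"] + "/",
    },
    "secret_expires": "2025-03-01",
}

if __name__ == "__main__":
    for key, value in preflight(SAMPLE, today_iso="2025-02-10").items():
        print(f"{key}: {value}")
```

Run it against your own values before emailing the Account Manager; the `problems` list should be empty and `secret` should read `ok`. The script never contacts Azure, so it cannot confirm that the secret value itself is correct; that is verified when Canopy first tests the login.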