Learn about Community
Sign In
You're signed out
Sign in to ask questions, follow content, and engage with the Community
Sign In
'; hoverCardInner.innerHTML = loadingHTML.repeat(4); hoverCardContainer.classList.add('profile-hover-card-show'); // Extract information from the image element const titleField = avatar.getAttribute('title'); const userInfoUrl = `https://${mainURL}/api/2.0/search?q=SELECT first_name, last_name, login, view_href, rank, topics, solutions_authored, id, email FROM users WHERE login = '${titleField}'`; const userPostsUrl = `https://${mainURL}/api/2.0/search?q=SELECT count(*) FROM messages WHERE author.login = '${titleField}'`; const userSolutionsUrl = `https://${mainURL}/api/2.0/search?q=SELECT count(*) FROM messages WHERE author.login = '${titleField}' AND is_solution = true`; const userBadgesUrl = `https://${mainURL}/api/2.0/search?q=SELECT user_badges from users where login = '${titleField}'`; // Fetch user information async function createProfileData() { const userInfo = await fetch(userInfoUrl); const userPosts = await fetch(userPostsUrl); const userSolutions = await fetch(userSolutionsUrl); const userBadges = await fetch(userBadgesUrl); const userInfoData = await userInfo.json(); const userPostsData = await userPosts.json(); const userSolutionsData = await userSolutions.json(); const userBadgesData = await userBadges.json(); const userBadgesArray = userBadgesData.data.items[0].user_badges.items; const earnedBadgesArray = userBadgesArray.filter(badge => badge.earned_date); earnedBadgesArray.sort((a, b) => new Date(b.earned_date) - new Date(a.earned_date)); const userRankName = userInfoData.data.items[0].rank.name; const userID = userInfoData.data.items[0].id; // const userKudosUrl = `https://${mainURL}/restapi/vc/users/id/${userID}/metrics/name/net_kudos_events_received?restapi.response_format=json`; const userKudos = await fetch(userKudosUrl); const userKudosData = await userKudos.json(); let fullName = userInfoData.data.items[0].login; if (userInfoData.data.items[0].first_name !== undefined && userInfoData.data.items[0].last_name !== undefined) { let firstName = userInfoData.data.items[0].first_name; let lastName = userInfoData.data.items[0].last_name; fullName = firstName + " " + lastName; } else { fullName = userInfoData.data.items[0].login; } let userRankIcon = ""; if (userInfoData.data.items[0].rank.icon_left !== undefined) { userRankIcon = userInfoData.data.items[0].rank.icon_left; } else { userRankIcon = ""; } let userEmail = ""; // <#if user_has_role> if (userInfoData.data.items[0].email !== undefined) { userEmail = userInfoData.data.items[0].email; } else { userEmail = ""; } // <#else> userEmail = ""; // #if> const userViewHref = userInfoData.data.items[0].view_href; const userPostsCount = userPostsData.data.count; const userSolutionsCount = userSolutionsData.data.count; const userKudosCount = userKudosData.response.value.$; const userBadgesCount = earnedBadgesArray.length; let badgesHTML = ""; if (earnedBadgesArray.length === 0) { badgesHTML = `
This user hasn't earned any badges yet.
`; } else { for (let i = 0; i < earnedBadgesArray.length; i++) { const badgeName = earnedBadgesArray[i].badge.title; const badgeIcon = earnedBadgesArray[i].badge.icon_url; const badgeHTML = `
`; badgesHTML += badgeHTML; if (i >= 4) { break; } }; } const hoverCardHTML = `
${userRankName}
${userEmail}
${badgesHTML}
`; // // Display the hover card return hoverCardHTML; } if (hoverCardInner.innerHTML.includes('loading-box')) { createProfileData().then((hoverCardHTML) => { hoverCardInner.innerHTML = hoverCardHTML; }); } } }); //Hide the hover card on mouseout avatar.addEventListener('mouseout', () => { const hoverCardContainer = avatar.nextElementSibling; hoverCardContainer.classList.remove('profile-hover-card-show'); }); hoverCardInner.addEventListener('mouseout', () => { const hoverCardContainer = avatar.nextElementSibling; hoverCardContainer.classList.remove('profile-hover-card-show'); }); hoverCardInner.addEventListener('mouseover', () => { const hoverCardContainer = avatar.nextElementSibling; hoverCardContainer.classList.add('profile-hover-card-show'); }); }); });
Turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Showonly | Search instead for
Did you mean:
- Community
- Canvas
- Canvas Integration Documents
- Configuring Azure (SAML) and Canvas Authentication
Options
- Subscribe to RSS Feed
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
`); } else { // findSchoolBtn.style.display = 'none'; } $('#find-school-btn').click(function () { $('.find-school-modal').append(`
Find your school's Canvas URL
To find your school or institution's Canvas URL, begin typing the name of your school/institution. Results will appear after you type at least 3 characters. For best results be as specific as possible. If you can't find your school, try using any part of your school's name or searching for your school district or state. You may also need to search for the school using the acronym or full name, for example "USU" and "Utah State University".
`); $('.find-school-modal').addClass('fs-active'); let searchText = "Couldn't find anything, please try again."; let resultsText = document.getElementById("results"); let searchQueryInput = document.getElementById("search-text"); var resultsData; let findSchoolBtn = document.querySelector('#find-school-btn'); const loaderContainer = document.querySelector('.loader-container'); const loaderSpinner = document.querySelector('.fs-spinner'); let searchForm = document.getElementById("search-text"); $('#search-text').keyup(function (e) { resultsText.innerHTML = ''; clearTimeout(timeoutID); const value = e.target.value; timeoutID = setTimeout(() => getSchools(value), 1000); }); function closeWindow() { $('.find-school-modal').removeClass('fs-active'); $('.find-school-wrapper').remove(); resultsText.innerHTML = ''; searchForm.value = ''; } $(document).keyup(function (e) { if (e.key === "Escape") { closeWindow(); } }); $('#fs-close-btn').click(function () { closeWindow(); }) const options = { method: "GET" }; const displayLoading = () => { loaderContainer.style.display = 'flex'; loaderContainer.classList.add('loader-active'); }; const hideLoading = () => { loaderContainer.classList.remove('loader-active'); loaderContainer.style.zIndex = "-99"; }; $('#find-school-form').submit(function (e) { e.preventDefault(); }); function getSchools(searchValue) { if (searchValue.length >= 3) { displayLoading(); let searchQuery = searchForm.value; fetch(`https://canvas.instructure.com/api/v1/accounts/search?name=${searchQuery}&per_page=20`, options) .then((response) => response.json()) .then(data => resultsData = data) .then((data) => { if (resultsData.length > 0) { for (let i = 0; i < resultsData.length; i++) { schoolName = resultsData[i].name; schoolURL = resultsData[i].domain; hideLoading(); resultsText.innerHTML += `
` } } else { hideLoading(); resultsText.innerHTML += `
We couldn't find anything for that search term. Try searching for something else.
` } }) .catch((err) => console.error(err)); } else { hideLoading(); } } }); });
Configuring Azure (SAML) and Canvas Authentication
Official Canvas Document |
Authentication Terminology
Term | Definition |
---|---|
IdP | Identity Provider The job of the IdP is to identify users based on credentials. The IdP typically provides the login screen interface and presents information about the authenticated user to service providers after successful authentication. Azure is the Identity Provider. |
login_id | Username in Canvas terminology. When information about an authenticated user is returned to Canvas, a user with a login_id matching the incoming data is looked for. |
Metadata | Information about the SP or IdP. This metadata is almost always provided in the form of XML. The metadata about your Canvas instance is located athttps://<YOURDOMAIN>.instructure.com/saml2 (replace <YOURDOMAIN> with the first portion of your Canvas domain). |
SAML | Security Assertion Markup Language |
SIS | Student Information System |
SIS ID | Unique ID of a user in Canvas. Used to link a user to an outside system, often a Student Information System (SIS). |
SLO | Single Logout When a user logs out of a service, some IdPs can subsequently log the user out of all other services the user has authenticated to. Azure supports this but may occasionally experience issues such as preventing a successful logout. Users will be logged out of Canvas but may not be logged out of Azure. |
SP | Service Provider An SP is usually a website providing information, tools, reports, etc to the end user. Canvas provides a learning environment to teachers, students, and admins and is, therefore,the Service Provider. Note: An SP cannot authenticate against an IdP unless the IdP is known to the SP. Likewise, an IdP will not send assertions to an SP that it does now know about. |
SSO | Single Sign-On This is what happens when a user isn't required to log in to a second service because information about the authenticated user is passed to the service. |
Pre-requisites
- Canvas does not automatically create user accounts from successful single-sign-ons. User accounts must either be created manually in the web interface or through the SIS import CSVs.
- The login_id field in Canvas must match the selected field returned from Azure.
- Your organization must have an Azure AD subscription.
- You must be able to log in to the admin console for your organization.
- Referencing of<YOURDOMAIN>in this guide is referring to your Canvas URL (ex: https://<YOURDOMAIN>.instructure.comwould be https://institution.instructure.com)
Login Release Valve
You may accidentallylock yourself out of Canvas while you are setting up authentication. If this happens,you can log in to Canvas using local authentication. Simply go tohttps://<YOURDOMAIN>.instructure.com/login/canvas (This forces Canvas to display the local login form rather than redirecting to the SAML login page).
To configure the integration of Canvas into Azure AD, you need to add Canvas from the gallery to your list of managed SaaS apps.
Inthe left navigation panel of the Azure portal, clickAzure Active Directoryicon.
Click theEnterprise applications,thenclickAll applications.
3. To add a new application, click theNew applicationbutton at the top of the dialog.
4.In the search box, type Canvas [1]. In the results panel, select Canvas [2] and then click the Create button [3] to add the application.
5.In the Canvas | Overview page of the Azure portal, click on Single Sign-on.
6. Click SAML.
7. On the Set up Single Sign-On with SAMLpage, edit the Basic SAML Configuration section by clicking the pencil in the top-right corner.
8. ClickAdd identifierand fill in the Identifier (Entity ID) fields with the Canvas Service Provier Entity ID. Be sure to usehttp (not https) , your canvas domain, followed by /saml2 (ie. http://<YOURDOMAIN>.instructure.com/saml2 ).
In the Reply URL (Assertion Consumer Service URL) fields, add your Canvas domains (production, test, and beta) (ie. https://<YOURDOMAIN>.instructure.com/*). ClickAdd reply URLto create a new input.Examples below:
- https://<YOURDOMAIN>.instructure.com/
- Index: 0
- https://<YOURDOMAIN>.test.instructure.com/
- Index: 1
- https://<YOURDOMAIN>.beta.instructure.com/
- Index: 2
- https://CUSTOMVANITYURL.com/ - You will only use this value if you have a vanity URL with Canvas. If you do not, you will not need to include this value in your configuration.
- Index: 3 (if applicable)
- https://<YOURDOMAIN>.instructure.com/
In the Sign-on URL field, enter your Canvas production URL. This will behttps://<YOURDOMAIN>.instructure.comor it will behttps://<CUSTOMVANITYURL>.comif you have a vanity URL with Canvas.
Click Save in the top-left corner.
Here is an example if you use a normal Canvas domain:
Here is an example if you use a vanity URL with Canvas:
9. Edit the second section, User Attributes & Claims.
***NOTE:This guide walks through the steps of sending the email address as the identifier. If you do not wish to send the email address as the identifier, please select which identifier you would like to send.
10. ClickUnique User Identifier (Name ID)under required claim and changeSource attributetouser.mail and clickSave.
11. Click Properties [1]. Change User assignment required to No [2]. Click Save.
12. Return to the Single Sign-on screen. In the third section, copy the App Federation Metadata Url.
The following steps take place in Canvas (https://YOURDOMAIN.instructure.com).
13. In a new browser tab, log in to your Canvas instance as an administrator. From the Admin tile, click Authentication.
14. Click on the Choose an Authentication Servicedrop-down, then selectSAML.
15. On the SAML configuration page, paste the App Federation Metadata Url into the IdP Metadata URI field. Click Save.
16. The page will reload with the values for IdP Entity ID, Log On URL, Log Out URL and Certificate Fingerprint automatically filled.
17. Test the configuration. Open a new incognito window, and go to
https://<YOURDOMAIN>.instructure.com/login/saml
If successful, you will be prompted to enter your Microsoft email address, followed by your password. You will then be logged in and redirected to your Canvas instance.
***NOTE:Canvas does not automatically create user accounts from successful single-sign-ons. User accounts must either be created manually in the web interface or through the SIS import CSVs.
18. Return to the Authentication screen. To make SAML the primary method for authentication, navigate to the bottom of the SAML section, and change Position to 1. Click Save.
Congratulations! You have configured Azure IdP inside Canvas LMS
3Likes
Was this article helpful?YesNo
Ask a Question View Related Guides
Related Guides
- Configuring Microsoft OAuth for Canvas Authentication
in Canvas Integration Documents
- Configuring LDAP and Canvas Authentication
in Canvas Integration Documents
- Parent Registration with SAML Authentication
in Canvas Integration Documents
Have a question about Canvas? Ask in the Q&A forum:
Ask a Question
Embed this guide in your Canvas course:
Note: You can only embed guides in Canvas courses. Embedding on other sites is not supported.
`; embedBtn.addEventListener("click", function () { insertEmbedCode(embedCode) embedContainer.classList.toggle("embed-hidden"); }); if (navigator.clipboard) { let button = document.createElement("button"); button.innerText = copyButtonLabel; button.addEventListener("click", copyCode); embedTextAreaPre.parentNode.insertBefore(button, embedTextAreaPre.nextSibling); } } catch (error) { // Handle errors here if necessary console.error(error); } })(); function insertEmbedCode(text) { embedTextAreaCode.innerText = text; } async function copyCode(event) { const button = event.srcElement; let text = embedTextAreaCode.innerText; await navigator.clipboard.writeText(text); button.innerText = "Code Copied!"; setTimeout(() => { button.innerText = copyButtonLabel; }, 5000) }