Configuring SAML-Based Single Sign-On In CanIPhish
CanIPhish supports SP-initiated and IdP-initiated Single Sign-On (SSO) for accessing both the CanIPhish Cloud Platform and CanIPhish Learner Dashboard. The Cloud Platform and Learner Dashboard each have their own SAML-based SSO configuration.
Onboarding Guides
A variety of different SSO providers and solutions are available. To assist with the setup, CanIPhish has developed onboarding guidance for major providers:
CanIPhish Cloud Platform
- Okta: Cloud Platform SSO Configuration Guide
- Microsoft Entra ID: Cloud Platform SSO Configuration Guide
- Google Workspace: Cloud Platform SSO Configuration Guide
- OneLogin: Cloud Platform SSO Configuration Guide
- JumpCloud: Cloud Platform SSO Configuration Guide
CanIPhish Learner Dashboard
- Okta: Learner Dashboard SSO Configuration Guide
- Microsoft Entra ID: Learner Dashboard SSO Configuration Guide
- Google Workspace: Learner Dashboard SSO Configuration Guide
- OneLogin: Learner Dashboard SSO Configuration Guide
- JumpCloud: Learner Dashboard SSO Configuration Guide
Is your SSO provider missing from the above list? Let us know!
Note: Support for IdP-initiated SSO was released on July 13, 2025. If you setup SSO prior to this date and would like to use IdP-initiated SSO, please deactivate and then reactivate your respective SSO configurations within your CanIPhish tenant. As part of the reactivation process, both SP-initiated and IdP-initiated SSO will be included. If you run into any issues, please contact the CanIPhish Support Team.
Frequently Asked Questions:
What is the CanIPhish Cloud Platform?
This is the platform that administrators use to create and manage phishing or training campaigns.
Accessible at: https://caniphish.com/Auth/Login
What is the CanIPhish Learner Dashboard?
This is the dashboard that learners use to complete any assigned training.
Accessible at: https://learn.caniphish.com/Platform/Login
Is single sign-on compatible with platform white-labelling?
Yes! If white-labelling has been set up, CanIPhish will seamlessly alter the single sign-on and redirect URLs so that there is no reference to CanIPhish and that the login redirection goes to the white-labelled domain. If white-labelling was set up after single sign-on was set up, please follow the steps below:
Step 1. Deactivate the existing single sign-on deployment(s) within CanIPhish (i.e. if both Learner and Platform SSO are activated, disable both).
Step 2. Refresh the webpage (this will force the new configuration to be displayed on-screen).
Step 3. In some cases, the Single Sign-On URL will slightly change. If it has, please proceed to Step 4. If it hasn't changed, jump straight to Step 5.
Step 4. Go into your respective Identity Provider and update the SSO configuration(s) to use the updated SSO URL(s).
Step 5. Reactivate SSO within CanIPhish, and you're all good to go! Single Sign-On will now be fully white-labelled.
Comments
0 comments
Please sign in to leave a comment.