Configuring SAML-Based Single Sign-On In CanIPhish
CanIPhish supports SP-initiated Single Sign-On (SSO) for accessing both the CanIPhish Cloud Platform and CanIPhish Learner Dashboard. The Cloud Platform and Learner Dashboard each have their own SAML-based SSO configuration.
Onboarding Guides
A variety of different SSO providers and solutions are available. To assist with the setup, CanIPhish has developed onboarding guidance for major providers:
CanIPhish Cloud Platform
- Okta: Cloud Platform SSO Configuration Guide
- Microsoft Azure AD: Cloud Platform SSO Configuration Guide
- Google Workspace: Cloud Platform SSO Configuration Guide
- OneLogin: Cloud Platform SSO Configuration Guide
- JumpCloud: Cloud Platform SSO Configuration Guide
CanIPhish Learner Dashboard
- Okta: Learner Dashboard SSO Configuration Guide
- Microsoft Azure AD: Learner Dashboard SSO Configuration Guide
- Google Workspace: Learner Dashboard SSO Configuration Guide
- OneLogin: Learner Dashboard SSO Configuration Guide
- JumpCloud: Learner Dashboard SSO Configuration Guide
Is your SSO provider missing from the above list? Let us know!
Frequently Asked Questions:
What is the CanIPhish Cloud Platform?
This is the platform that administrators log into to create and manage phishing or training campaigns.
Accessible at: https://caniphish.com/Auth/Login
What is the CanIPhish Learner Dashboard?
This is the dashboard that learners log into to complete any assigned training.
Accessible at: https://learn.caniphish.com/Platform/Login
Is single sign-on compatible with platform white-labelling?
Yes! If white-labelling has been set up, CanIPhish will seamlessly alter the single sign-on and redirect URLs so that there is no reference to CanIPhish and that the login redirection goes to the white-labelled domain. If white-labelling was set up after single sign-on was setup, simply deactivate the existing single sign-on deployment, alter the Single Sign-On URL in your Identity Provider to the new URL provided, and then reactivate.
Is IdP-initiated SSO supported?
Unfortunately, CanIPhish only supports SP-initiated SSO. This is a limitation in the authentication service that CanIPhish uses to power our cloud offering (Amazon Cognito). This means that SSO needs to be initiated by CanIPhish instead of through an app within the Identity Provider. Some IdPs support a workaround through the use of SSO Bookmark URLs. Where available, this workaround is mentioned in configuration guides.
Comments
0 comments
Please sign in to leave a comment.