Open navigation

SSO Attribute Mappings

In general, Canto always requires the following three attributes from the SSO SAML 2.0 system to authenticate:

  • Attribute name - Email
  • Attribute name - First Name
  • Attribute name - Last Name


Additionally, if you want to manage Canto user roles in your SSO system and not in Canto, you need to create specific attributes.


Those attributes will then be mapped to roles in Canto.


Active Directory Federation Services (ADFS)

  • Role attribute (attribute used to place role values): Active Directory Groups
  • Canto Admin: CantoAdmin
  • Canto Contributor: CantoContributor
  • Canto Consumer: CantoConsumer
  • Canto Custom Role: please contact our support team


Azure

  • Role attribute (attribute used to place role values): Azure Groups
  • Canto Admin: Azure ID of the Canto Admin group
  • Canto Contributor: Azure ID of the Canto Contributor group
  • Canto Consumer: Azure ID of the Canto Consumer group
  • Canto Custom Role: Azure ID of the Canto Custom Role group


F5-APM

  • Role attribute (attribute used to place role values): custom attribute "Canto-Role"
  • Canto Admin: Admin
  • Canto Contributor: Contributor
  • Canto Consumer: Consumer
  • Canto Custom Role: please contact our support team


Google G-Suite

  • Role attribute (attribute used to place role values): custom attribute "Role"
  • Canto Admin: Admin
  • Canto Contributor: Contributor
  • Canto Consumer: Consumer
  • Canto Custom Role: please contact our support team


IBM-w3id

  • Role attribute (attribute used to place role values): Undefined, any user who attempts to login will be placed as a Consumer
  • Canto Admin: Undefined
  • Canto Contributor: Undefined
  • Canto Consumer: Undefined
  • Canto Custom Role: please contact our support team


Okta

  • Role attribute (attribute used to place role values): Okta Groups
  • Canto Admin: CantoRoleAdmin
  • Canto Contributor: CantoRoleContributor
  • Canto Consumer: CantoRoleConsumer
  • Canto Custom Role: please contact our support team


One Login

  • Role attribute (attribute used to place role values): custom attribute "Canto Title"
  • Canto Admin: CantoAdmin
  • Canto Contributor: CantoContributor
  • Canto Consumer: CantoConsumer
  • Canto Custom Role: please contact our support team


Ping Federate

  • Role attribute (attribute used to place role values): custom attribute "group"
  • Canto Admin: CantoAdmin
  • Canto Contributor: CantoContributor
  • Canto Consumer: CantoConsumer
  • Canto Custom Role: please contact our support team


Shibboleth

  • Role attribute (attribute used to place role values): Undefined, any user who attempts to login will be created as a Consumer
  • Canto Admin: Undefined
  • Canto Contributor: Undefined
  • Canto Consumer: Undefined
  • Canto Custom Role: please contact our support team


WSO2

  • Role attribute (attribute used to place role values): Undefined, any user who attempts to login will be created as a Contributor
  • Canto Admin: Undefined
  • Canto Contributor: Undefined
  • Canto Consumer: Undefined
  • Canto Custom Role: please contact our support team


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.