Canvas

Canvas is an open source Learning Management System (LMS) that connects all the digital tools and resources teachers use into one simple place. It is Designed specifically for K-12 teachers and students. It is used by more than 3,000 universities, school districts, and institutions around the world. Canvas LMS is easy to use and integrates seamlessly with the hundreds of apps, empowering teachers and students with infinite tools to make teaching and learning more easier.

With miniOrange Single Sign On (SSO), you can quickly increase your security of information and resources for your Canvas app without worrying about time for initial set up or future upgrades.

Follow the Step-by-Step Guide given below for Canvas Single Sign On (SSO)

Step 1: Configure Single Sign On (SSO) Settings for Canvas

Login to miniOrange Admin Console.
Go to Apps >> Manage Apps. Click Configure Apps button.
Click on SAML tab. Select Canvas LMS (SAML).
Enter the SP Entity ID as https://your_domain.acme.instructure.com/saml_consume.
Enter the ACS URL as https://your_domain.acme.instructure.com/saml_consume
Select the Email ID from the Name ID dropdown.

Go to the Add Policy and select DEFAULT from the Group Name dropdown.
Now enter the Canvas in the Policy Name field.
Select PASSWORD from the First Factor Type dropdown.
Click on Save to configure Canvas.

Click on Metadata link to download the metadata which will be required later. Click on Link to see the IDP initiated SSO link for Canvas.

Keep IDP Entity ID ,Login URL and Logout URL which you will require in Step 2.

Step 2: Configure Canvas setting for miniOrange

Login to your Canvas LMS domain as an Account Administrator.
Switch to Admin View.

Go to Courses and under Managed Accounts, click on your domain name.

Click on Authentication in the left pane and select SAML from the Choose an authentication service drop down list.

Under Current Integration, click on Add New SAML Config and enter the details as shown:

IdP Entity ID	Enter the IDP Entity value that you get from Step 1.
Log On URL	Enter the IDP Entity value that you get from Step 1.
Log Out URL	Enter the IDP Entity value that you get from Step 1.
Certificate Fingerprint	Follow the steps below to copy the Thumbprint of certificate: 1. Open the certificate that was downloaded earlier. 2. Go to Details and in the field column select Thumbprint. 3. Copy the Thumbprint that opens in the pane by pressing CTRL+C (Right-Click wont work!). 4. Paste the Thumbprint in the Certificate Fingerprint. Make sure that there are no spaces in between the Certificate Fingerprint. Remove them manually.
Login Attribute	NameID
Identifier Format	urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Authentication Context	urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
Login Label	Username
Unknown User Url	Leave blank.

Click the Save Authentication Settings to save the Single Sign On (SSO) SAML settings.

Step 3: Onboard users into our system

Click on Users >> Add User.

Here, fill the user details without the password and then click on the Create User button.

Click on On Boarding Status tab. Check the email, with the registered e-mail id and select action Send Activation Mail with Password Reset Link from Select Action dropdown list and then click on Apply button.

Now, Open your email id. Open the mail you get from miniOrange and then click on the link to set your account password.
On the next screen, enter the password and confirm password and then click on the Reset Password button.

Now, you can login into miniOrange account by entering your credentials.

Step 4: Login to miniOrange Account

Go to miniOrange dashboard and select User Dashboard from right side menu.

Click on Canvas LMS (SAML) application which you added, to verify your sso configuration.

Using Two Factor Authentication for Canvas LMS

The most practical way to strengthen authentication is to require a second factor after the username/password stage. Since a password is something that a user knows, ensuring that the user also has something or using biometrics thwarts attackers that steal or gain access to passwords.

Traditional two-factor authentication solutions use hardware tokens (or "fobs") that users carry on their keychains. These tokens generate one-time passwords for the second stage of the login process. However, hardware tokens can cost up to $40 each. It takes time and effort to distribute them, track who has which one, and replace them when they break. They're easy to lose, hard to use, and users consistently report high levels of frustration with token-based systems.

For Further Details:

Guide For Single Sign On (SSO)
Canvas- Learning Management System