Canto Integration, Setup and Preferences
      Back to home
      1. Knowledge Base
      2. Canto Integration, Setup and Preferences

      How do you set up SSO in Canto?

      This guide explains the information and steps required to set up Single Sign-On (SSO) for Canto. By gathering these details in advance, you can speed up the activation process and avoid delays.

      Step 1 — Gather Required Information

      Before proceeding with the setup of SSO, please prepare answers to the following questions:

      • Identity Provider (IDP)

        Which IDP do you use?

        Examples: Azure AD (Entra ID), ADFS, Okta, G-Suite.

      • Who can log in to Canto?

        • Only users within your organisation

        • OR organisation users plus external collaborators (e.g., agencies, partners, customers)

      • Role Management

        Should user roles be managed in your IDP or in Canto?

      • Group Management

        Should user groups be managed in your IDP or in Canto?

      • Main Library Access

        Should SSO users be able to access the Main Library (where all content is stored)?

      While the choice is yours, databasics recommends:

      • Hybrid login mode (for both internal and approved external users)

      • Manage roles in your IDP (IT team maintains full control over permissions)

      • Manage groups in Canto (Canto’s built-in group feature works best when managed internally)

      Please note:

      • If hybrid mode isn't needed, managing all users directly in Canto can be easier.

      • Canto Groups let you assign access for Portals to multiple users at once, instead of one by one.

      Step 2 — Provide Configuration Files

      Once you’ve answered the above questions, we will send you the instructions corresponding to your answer. Your IT team may then start setting up within your IDP.

      Once the setup has completed, send your federation XML file to databasics team to handle the rest of the configuration.
      If using Azure AD as the IDP, also provide the group unique ID from Azure AD.

      Step 3 — Test of SSO

      Once the remaining setup has been completed, we will then ask you to log in to Canto using SSO and check for any error messages.

      Finally, we can disable hybrid mode (if no longer required) so that SSO becomes the primary login method.

      Additional Resources:

      For additional resources please see the Single Sign On Article provided by Canto.