1. Home
  2. Applications
  3. Canva
  4. Enable SSO for Canva

Enable SSO for Canva

Purpose

Canva offers single sign-on via SAML integration with Practice Protect. This provides a seamless login experience to the Canva platform using IdP-initiated SAML.

Practice Protect will configure this on your behalf. Please send us an email at [email protected]

Pre-requisites

  • Canva for Teams as type of subscription
  • Active Canva account with administrator rights (Note: this can be your account so you don’t have to pay and create for another license account) 
  • Admin Access to Practice Protect
  • Username/Email for regular users should match the login names in Practice Protect.

Instructions

1. Login to your Practice Protect and switch to Admin portal (ex. mydomain.practiceprotect.app)

2. On Core Services, Click on Roles > Add Roles. Create a role and set the name field to “Canva SSO Users“. Then Save.

3. With the created role, click on Members Add. Add each member/user that will be part of the SSO. Then Save.

4. From the Apps & Widgets, go to Web Apps section. Then, choose Add Web Apps on the top right corner.

5. Go to Custom Tab > Scroll down and add SAML. Confirm to add the application by choosing “Yes“.

6. Rename the application to “Canva SSO” then Save. Note: You can change the name, category, or logo based on your preference.

7. Click on Trust > On Identity Provider Configuration select Manual Configuration > Click on Signing Certificate and click Download. This will download the certificate on your local PC which you will need for the below steps. Copy the IdP Entity ID/Issuer URL, Single Sign On URL and temporarily put it in a notepad. You will need these details for the below steps as well.

8. Scroll down to Service Provider Configuration and tick Manual Configuration.

9. Copy and fill out the details below
SP Entity ID / Issuer / Audiencehttps://www.canva.com
Assertion Consumer Service (ACS) URL – https://www.canva.com/login/saml

10. Click Save to apply changes.

11. Go to Permissions settings, add the role which contains the Canva users. (i.e. Canva SSO Users) and Save. This is for users to access Canva as an app in Practice Protect

12. Sign in to Canva. On the upper corner of the homepage, click the settings and go to Account Settings

13. From the side menu, click the SSO & Provisioning tab.

14. Click Get Started and confirm permissions and access to the setup tools. Click Take me to SSO set up to proceed.

15. On “Verify the domains you want to use SSO with, click “Add a domain“, A pop-up window will appear.

16. In the text field, enter the domain you’d like to use for your organization’s SSO log in.

17. Click Submit and then click Copy token.

Before you can log in using SSO, the TXT record needs to be verified. This usually happens within an hour after adding the TXT record, but can take longer depending on DNS record cache expiry (TTL).

To check its status, try using a site like https://dnschecker.org/ to see if the TXT record appears.

18. Copy the details you gathered from Step 7 and paste it on the following fields:

  • SAML 2.0 Endpoint (HTTP) – paste your Identity Provider Single Sign-on URL
  • Identity Provider Issuer – paste your Identity Provider Issuer
  • Public Certificate – open the certificate on any text editor, copy the contents inside and paste it.
    Note: No need to copy the lines “begin certificate” and “end certificate”

19. Click Save Changes.

Enforce SSO login

20. Under Login and sign up control, select the option “SSO required for everyone on your team“. Learn more about each option in Setting up login and signup controls.

21. Click Save Changes.
Note: Test your SSO login experience before requiring your team to log in via SSO.

22. Sign out to Canva, and test login.

23. On the login page, click Continue with email, and select Continue with single sign-on (SSO). Use Practice Protect credential to sign in.

Updated on April 26, 2023
Need Support?
Can't find the answer you're looking for?
Contact Support