SAML configuration for ADFS
Follow these steps to configure Single Sign-On (SSO) to Canva via ADFS:
- Log in to the server where ADFS is installed. If you need help deploying ADFS, check this guide.
- Open the ADFS management console, and select Trust Relationships,
- Click Relying Party Trusts from the left console tree.
- Click Add Relying Party Trust from the Actions menu on the right.
- In the Select Data Source step, toggle the option Enter data about the relying party manually.
- Enter the display name for your application in the Specify Display Name tab: Canva. Add optional notes you may need.
- On the Choose Profile tab, select AD FS Profile.
- On the Configure URL tab, select the box Enable Support for the SAML 2.0 WebSSO protocol, and enter Canva’s SAML service endpoint: https://www.canva.com/login/saml
- On the Configure Identifiers tab, enter https://www.canva.com, and click Add.
- Add optional multi-factor authentication.
- Select Permit all users to access this relying party. Click Next and review your settings.
- Ensure the Open the Edit Claim Rules dialog for this relying party trust is toggled when the wizard closes. Select Close.
- Create rules or assertion claims for your relying party trust (your Canva account). You’ll need two claims: one for Canva Attributes, and one for NameID.
note: Canva only receives the outgoing claim type attributes and values, so the list of attributes might look different.
- Click Add Rule.
- Create a rule to send LDAP attributes as Claims. Add outgoing claim types for Email, FirstName, and LastName.
note: Outgoing claim types are case sensitive.
- Create another rule to transform an incoming claim.
- Download https://youradfshost.com/federationmetadata/2007-06/federationmetadata.xml
- Copy the following values into the text fields in the SAML Authentication section on your team’s Account settings:
– Issuer (with /idp/endpoint/HttpPost appended) → SAML 2.0 Endpoint (HTTP)
– Issuer → Identity Provider Issuer
– From the certificate you downloaded, copy all the text → Public Certificate