Share via

A faculty member's SSO account allows him to access all apps except one. Does this have something to do with Azure?

Jamie Menshouse 0 Reputation points
2024-07-11T17:25:21.0066667+00:00

The faulty member can log into his MyApps account successfully, and open every App successfully through SSO, except for Canvas. I have spoken to Canvas Support all morning and they're saying it's an issue with Microsoft.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,542 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Raja Pothuraju 1,600 Reputation points Microsoft Vendor
    2024-07-15T07:15:24.81+00:00

    Hello @Jamie Menshouse,

    Thank you for posting your query on Microsoft Q&A.

    As per your description, faculty users can access all applications from the MyApps portal except the Canva application. It appears that Canva, a gallery app, is configured within Enterprise applications in Entra ID. To investigate why users are not experiencing SSO behavior, we need to examine the SAML Request sent from the Service Provider (Canva) to the Identity Provider (Azure).

    Please check the value of the ForceAuthn parameter in the SAML request. If it is set to true, users will be prompted to reauthenticate, regardless of having a valid session with Microsoft Entra ID. This may cause users to reauthenticate unnecessarily to the application.

    For an example of a SAML request, please refer to the following document:

    Single Sign-On (SAML protocol) - AuthnRequest

    You can capture HTTP traffic using the instructions provided in the following browser trace document:

    Capture browser trace

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    Please Accept the answer if the information helped you. This will help us and others in the community as well. Thanks,
    Raja Pothuraju.