Hello @Jamie Menshouse,
Thank you for posting your query on Microsoft Q&A.
As per your description, faculty users can access all applications from the MyApps portal except the Canva application. It appears that Canva, a gallery app, is configured within Enterprise applications in Entra ID. To investigate why users are not experiencing SSO behavior, we need to examine the SAML Request sent from the Service Provider (Canva) to the Identity Provider (Azure).
Please check the value of the ForceAuthn parameter in the SAML request. If it is set to true, users will be prompted to reauthenticate, regardless of having a valid session with Microsoft Entra ID. This may cause users to reauthenticate unnecessarily to the application.
For an example of a SAML request, please refer to the following document:
Single Sign-On (SAML protocol) - AuthnRequest
You can capture HTTP traffic using the instructions provided in the following browser trace document:
I hope this information is helpful. Please feel free to reach out if you have any further questions.
Please Accept the answer if the information helped you. This will help us and others in the community as well.
Thanks,
Raja Pothuraju.
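
The ForceAuthn check described in the answer above can be done offline on a request URL copied from a browser trace. The following is an added example, not part of the original answer or any Microsoft or Canva code; the function names, the `idp.example.test` and `sp.example.test` URLs and the sample request are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def decode_saml_request(value, binding="redirect"):
    """Decode a captured SAMLRequest value into AuthnRequest XML bytes."""
    raw = base64.b64decode(value)
    if binding == "redirect":
        # HTTP-Redirect binding: raw DEFLATE (no zlib header) before base64.
        raw = zlib.decompress(raw, -15)
    return raw  # HTTP-POST binding is base64 only

def inspect_authn_request(xml_bytes):
    """Report the issuer and whether the SP asked for forced reauthentication."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD content is not expected in a SAML message")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError(f"not an AuthnRequest: {root.tag}")
    # xs:boolean accepts true/false/1/0; an absent attribute means false.
    force = root.get("ForceAuthn", "false").strip().lower() in ("true", "1")
    issuer = root.find(f"{{{SAML}}}Issuer")
    return {"issuer": issuer.text if issuer is not None else None,
            "force_authn": force}

def inspect_redirect_url(url):
    """Take the full request URL copied from a browser trace."""
    params = parse_qs(urlparse(url).query)
    if "SAMLRequest" not in params:
        raise ValueError("URL carries no SAMLRequest parameter")
    return inspect_authn_request(decode_saml_request(params["SAMLRequest"][0]))

def build_sample_url(force_authn):
    """Constructed sample request (not taken from Canva or the original post)."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
           f'ID="_constructed1" Version="2.0" ForceAuthn="{force_authn}">'
           '<saml:Issuer>https://sp.example.test</saml:Issuer>'
           '</samlp:AuthnRequest>')
    c = zlib.compressobj(wbits=-15)
    deflated = c.compress(xml.encode()) + c.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return "https://idp.example.test/saml2?" + query

if __name__ == "__main__":
    print(inspect_redirect_url(build_sample_url("true")))
```

If the trace shows the request as a form POST rather than a redirect, pass the form field value to `decode_saml_request(value, binding="post")` and then to `inspect_authn_request`.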