Why eLearning Applications Would Implement Canvas SSO

By implementing Canvas SSO, applications let school admins manage accounts and passwords through Canvas rather than through the app. Edtech developers then don't have to build (or manage) a database containing sensitive passwords, which is a plus. Apps also receive fewer support tickets from users who are having trouble figuring out how to sign in. Why? School admins are already responsible for managing Canvas passwords, so it wouldn't make sense for the app to manage them as well. The tickets that would have been directed to the app stay with Canvas instead.

By building SSO into the app, developers can also add further integrations, such as course syncing and grade passback. Integration features like these let apps act on behalf of authenticated users. Many schools are interested in apps that can provide these functions (and more) with Canvas. Schools with RFPs for these integration features ultimately seek a realistic end-user experience.

Method 1: Canvas SSO through API Integration

Canvas can facilitate an SSO integration through the Canvas API. When integrated, users can start on an edtech website or mobile app, and click a "Sign In With Canvas" button. Canvas then prompts the user for a username and password. The app never sees the password the user entered.

After signing into Canvas, the user is redirected back to the website/app with a code that corresponds to the account. Using this code, the app can ask Canvas for more details about the user, such as personal information, course enrollments, or assignments.

Canvas requires users to log into the Canvas environment specific to their school. An app’s "Sign In With Canvas" button must direct the user to sign in at the school's custom Canvas domain.

A Canvas API SSO integration is the first step toward deeper integrations. Once Canvas authenticates a user, the app can act in Canvas on that user's behalf. At this point, the app can gather a list of the user's courses or send grades back to the LMS's gradebook.
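
An added example, not code from the article: the sign-in round trip described above, using Canvas's OAuth2 endpoints (`/login/oauth2/auth` and `/login/oauth2/token`), with the `state` value tied to the school's domain so the returned code is only redeemed at the Canvas instance the user started on. The client ID, redirect URI, school domains, session dictionary and function names are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed placeholders, not values from the article.
CLIENT_ID = "10000000000001"
REDIRECT_URI = "https://app.example.com/canvas/callback"
# Canvas domains of schools the app is configured for (constructed sample data).
KNOWN_SCHOOLS = {"springfield.instructure.com", "canvas.shelbyville.example"}


def begin_sign_in(school_domain, session):
    """Build the "Sign In With Canvas" URL on one school's Canvas domain."""
    domain = school_domain.strip().lower()
    if domain not in KNOWN_SCHOOLS:  # never redirect to an arbitrary host
        raise ValueError("unknown Canvas domain")
    state = secrets.token_urlsafe(32)  # unguessable, one per attempt
    session["canvas_oauth"] = {"state": state, "domain": domain}
    query = urlencode({"client_id": CLIENT_ID, "response_type": "code",
                       "redirect_uri": REDIRECT_URI, "state": state})
    return f"https://{domain}/login/oauth2/auth?{query}"


def finish_sign_in(callback_url, session):
    """Validate the redirect back from Canvas; return the token request to send."""
    pending = session.pop("canvas_oauth", None)  # single use: replays fail
    if pending is None:
        raise PermissionError("no sign-in in progress")
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:  # e.g. the user declined access
        raise PermissionError("Canvas returned error: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), pending["state"].encode()):
        raise PermissionError("state mismatch")
    code = params.get("code", [""])[0]
    if not code:
        raise PermissionError("missing code")
    # POST the form (plus client_secret) server-side to the same school's Canvas.
    return {"token_url": f"https://{pending['domain']}/login/oauth2/token",
            "form": {"grant_type": "authorization_code", "client_id": CLIENT_ID,
                     "redirect_uri": REDIRECT_URI, "code": code}}
```

The session dictionary stands in for whatever server-side session store the app already uses; the state and domain must not be kept anywhere the browser can rewrite them.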

Method 2: Canvas SSO through LTI

Canvas supports LTI 1.3 and the LTI Advantage services. LTI apps are designed to be accessed within a course in the LMS. LTI apps must be configured by a teacher or administrator so that students in the course can access the app. Students and teachers can then launch into the application by selecting the tool from the course in Canvas. The process of launching the tool lets the app verify the user's identity and grant the user access.

With a Canvas LTI integration, SSO is always initiated from the LMS (i.e. students won't visit a website or mobile app to access the resource). After the LTI launch, the developer receives a set of URLs that can be used to perform further integrated functions, like grade syncing.

What are the challenges of SSO with Canvas?

There are some issues that app developers may encounter when trying to integrate an SSO solution into the app.

  1. Many apps try to identify users who sign in through Canvas by a user’s email address. Doing this can lead to problems and leave users vulnerable.
  2. Developers may also try to assign a universal role to students, teachers, and administrators in the app based on the user role in Canvas. But Canvas allows users to have multiple roles depending on the context – making roles more complex.
  3. With LTI’s multiple versions, each LMS handles LTI integrations differently – even if the LMSs support the same version. So an LTI app built for another LMS – like Moodle – won't always work the same way in Canvas.

If you're looking for a partner who can help guide you through developing Canvas or SSO integrations (like these), then let’s introduce ourselves. We’re Edlink!