Ally needs to be able to sync data such as courses and files from the Canvas REST API to generate reports and provide instructor feedback. To do this securely, an access token needs to be generated.

This is only available to administrators in the Instructure Canvas LMS.

Step 1: Create a new account role

Having a new account role allows you to define the permissions the Ally service will have. While you can see specifically which permissions are granted to the Ally service in the Canvas administration interface, at a high level these permissions allow Ally to download term, course, and file information for generating accessibility feedback and alternative versions. It also allows Ally to delete and replace file content which are important operations in helping instructors remediate their course content.

  1. Sign into your Canvas installation as an administrator.
  2. Select Admin icon in the left hand navigation and select your account in the window that slides open.
  3. Select Permissions and select Account Roles.
  4. Select Add Role.
  5. Save a role named Ally. Once saved, a new column named Ally should be in the table.
  6. In the Ally column, enable these permissions.
    • Announcements - view
    • Assignments and Quizzes - add / edit / delete
    • Course Content - add / edit / delete
    • Course Content - view
    • Courses - change visibility
    • Courses - manage / update
    • Courses - view list
    • Discussions - moderate
    • Discussions - view
    • LTI - add / edit / delete
    • Manage Course Files
      • Course Files - add
      • Course Files - delete
      • Course Files - edit
    • Manage Course Templates
      • Course Templates - create
      • Course Templates - edit
    • Manage Courses
      • Courses - add
    • Manage Pages
      • Pages - create
      • Pages - update
    • User - act as

Step 2: Create a new user

It's considered best practice to create a new user for each integration with Canvas. If users for your institution are created directly in Canvas, please follow these instructions to do so. However, if users are managed in an external system such as SIS or LDAP, please follow the process for creating users for use in Canvas for your institution, then continue to grant the new user the Ally role.

If users are created directly in Canvas for your institution, please complete these steps.

  1. Navigate to the Users page under your account management.
  2. Select New User and add a new user called Ally.
  3. Make sure the Email the user about this account creation check box is selected.
  4. Select the link you received in your email inbox to verify the account.

Step 3: Grant the new user the Ally role

  1. Navigate to the Settings page under your account management.
  2. Select Admins.
  3. Select the + Account Admins button to add the user.
  4. In the form that popped open, ensure the Ally role is selected in the menu.
  5. If users are created directly in Canvas at your institution, you are prompted to enter the email address of the user that you created in the previous section. If your user was created in an external system such as SIS or LDAP, please enter the identifier of the user requested by Canvas in the field.
  6. Select Continue...
  7. If the user was found, select OK Looks Good.
  8. Confirm the Ally user was added to the list.

Step 4: Generate an access token

In this final step, we'll generate an access token that can be used by the Ally service to safely and securely interact with the REST API.

  1. Sign in as the Ally user.

    Masquerading as the Ally user won't work for these steps as Canvas forbids administrators setting up an access token on another user's behalf.

  2. Navigate to the user's settings by selecting Account in the left hand navigation followed by selecting on the Settings link in the new window.
  3. Select New Access Token.
  4. Enter integration as the purpose of the token, the expiration timestamp field can be left blank.
  5. Select Generate Token.
  6. A new window should appear that contains the access token. Please copy this token now, as once you leave this page you will no longer be able to access it.