Self-Serve SSO

This article is aimed to help provide context behind some of the fields that are included on the SSO form page.

Felix Higgs avatar
Written by Felix Higgs
Updated over a week ago

Setting up your SSO can be found under Admin > Settings > SSO

Provided Fields

Single Sign On URL

This will be the URL that you provide to your Identity Provider (IdP) platform.

The URL will be where the IdP sends out the SAML assertion when attempting to log your users in.

Audience URI

This will be provided to your IdP platform.

This dictates the audience that the resulting SAML assertion is intended for. It allows our systems to recognize that it is your company that is attempting to login and not someone else.

Required Fields

Identity Provider Single Sign On URL (IdP SSO URL)

This is the location where we will sign onto when going through the SSO flow.

When configuring a SAML application on your IdP, it will generate this URL.

x509 Public Key Certificate

The public key certificate that is associated with the SAML application you created on your IdP platform.

In Knak, it requires you to upload a valid certificate file.

Additional Information

For more information regarding SAML and how the SSO process works, visit this guide from Okta here.

Okta Setup

This section aims to help those using Okta as their Identity Provider to setup SSO on Knak.

Okta Application

On Okta, a SAML application must be configured to allow SSO to work on Knak. It is on this application where we will retrieve all the necessary information to setup SSO from the Knak side.

Please contact your IT department if you need to setup a new SAML application on Okta.

Okta Fields

This section will help lead you to where the required and provided field info can be found the Okta dashboard.

Single Sign On URL & Audience URI

When creating the SAML application on Okta, there will be a section to enter a Single Sign On URL as well as the Audience URI. This is where you will enter the Knak provided information into those fields.

Note: Application username type should be set to Email when creating the new application.

IdP SSO URL & x509 Certificate

After creating the SAML application on Okta, go to the Application’s page. Under the Sign On tab, scroll down until you see a subsection that says SAML Setup.

Click on View SAML setup instructions. This will redirect to a new page that will contain information such as the IdP SSO URL, IdP Issuer and the x509 Certificate.

Copy the IdP SSO URL and download the x509 certificate from this page and input it into the Knak SSO form.

SAML application page on Okta. Sign On tab where the SAML setup link will be:

Okta x Knak Information and Limitations

  • Users must be added within Knak to use the platform

    • IdP-initiated user provisioning is not currently supported. Knak supports the SCIM protocol of user provisioning. See the following article for instructions on how to set Okta up with SCIM.

  • Admins may choose if users must use the SSO login or whether they can log in with a password as well

Need more help? Contact support via live chat within Knak using the chat bubble in the bottom right corner or email

Did this answer your question?