Setting up your SSO can be found under Admin > Settings > SSO
Provided Fields
Single Sign On URL
This will be the URL that you provide to your Identity Provider (IdP) platform.
The URL will be where the IdP sends out the SAML assertion when attempting to log your users in.
Audience URI
This will be provided to your IdP platform.
This dictates the audience that the resulting SAML assertion is intended for. It allows our systems to recognize that it is your company that is attempting to login and not someone else.
Required Fields
Identity Provider Single Sign On URL (IdP SSO URL)
This is the location where we will sign onto when going through the SSO flow.
When configuring a SAML application on your IdP, it will generate this URL.
x509 Public Key Certificate
The public key certificate that is associated with the SAML application you created on your IdP platform.
In Knak, it requires you to upload a valid certificate file.
Additional Information
For more information regarding SAML and how the SSO process works, visit this guide from Okta here.
Okta Setup
This section aims to help those using Okta as their Identity Provider to setup SSO on Knak.
Okta Application
On Okta, a SAML application must be configured to allow SSO to work on Knak. It is on this application where we will retrieve all the necessary information to setup SSO from the Knak side.
Please contact your IT department if you need to setup a new SAML application on Okta.
Okta Fields
This section will help lead you to where the required and provided field info can be found the Okta dashboard.
Single Sign On URL & Audience URI
When creating the SAML application on Okta, there will be a section to enter a Single Sign On URL as well as the Audience URI. This is where you will enter the Knak provided information into those fields.
Note: Application username type should be set to Email when creating the new application.
IdP SSO URL & x509 Certificate
After creating the SAML application on Okta, go to the Application’s page. Under the Sign On tab, scroll down until you see a subsection that says SAML Setup.
Click on View SAML setup instructions. This will redirect to a new page that will contain information such as the IdP SSO URL, IdP Issuer and the x509 Certificate.
Copy the IdP SSO URL and download the x509 certificate from this page and input it into the Knak SSO form.
SAML application page on Okta. Sign On tab where the SAML setup link will be:
Okta x Knak Information and Limitations
Users must be added within Knak to use the platform
IdP-initiated user provisioning is not currently supported. Knak supports the SCIM protocol of user provisioning. See the following article for instructions on how to set Okta up with SCIM.
Admins may choose if users must use the SSO login or whether they can log in with a password as well
Need more help? Contact support via live chat within Knak using the chat bubble in the bottom right corner or email support@knak.com