In this article, you can learn how to use configure single sign-on (SSO) for your KSAT console with Okta. If your organization uses Okta, configuring SSO will allow your users to automatically sign in to the Learner Experience by authenticating with Okta.
Configuring SSO with the Default Entity ID
To configure SSO by using the default entity ID, follow the steps below:
- Log in to your Okta account.
- Navigate to the Applications tab.
- Click Browse App Catalog.
- In the search box, type in "KnowBe4 SAML", then click the KnowBe4 SAML application.
- Click + Add Integration.
- In the Application label field, enter a name for the integration.
- Click Done.
In a separate browser tab or window, you'll need to copy your SAML ID from KSAT. To copy your SAML ID, follow the steps below:
- Log in to your KSAT console.
- Click your email address on the top-right corner, then select Account Settings.
- In your Account Settings, navigate to SAML > SAML Settings.
- Copy the text in the SAML ID field.
Finally, you'll need to return to Okta to finish configuring SSO.
- Navigate to the KnowBe4 SAML application again.
- Select the Sign On subtab.
- Click Edit.
- Go to the Advanced Sign-on Settings section.
- In the SAML ID field, paste the SAML ID you copied above.
- In the Base URL field, enter the URL for the KSAT instance you use. The instances are listed below:
- United States: https://training.knowbe4.com
- European Union: https://eu.knowbe4.com
- Canada: https://ca.knowbe4.com
- Germany: https://de.knowbe4.com
- United Kingdom: https://uk.knowbe4.com
- Click Save.
- Click More details.
Note:For SSO to work properly, you may need to change the Application username format field to Email. To edit the settings on this page, click the Edit button.
- Click Certificate fingerprint.
- Copy the IDP SSO Target URL and IDP Cert fingerprints and save them. You'll need these fingerprints to finish configuring SSO.
- Finish setting up SAML in your KSAT console. For more information, see our Set Up SAML Single Sign-on (SSO) for the Security Awareness Training Console article.
Configuring SSO with a Custom Entity ID
To configure SSO by using a custom entity ID, follow the steps below:
- Log in to your Okta account.
- Navigate to the Applications tab.
- Click Browse App Catalog.
- In the search box, type in KnowBe4 SAML, then click the KnowBe4 SAML application.
- Click + Add Integration.
- In the Application label field, enter a name for the integration.
- Click Done.
In a separate browser window, you'll need to create your Unique Entity ID from KSAT.
- Log in to your KSAT console.
- Click your email address at the top-right corner, then select Account Settings.
- In your Account Settings, navigate to SAML > SAML Settings.
- Click on Generate Unique Entity ID.
Finally, return to Okta to continue configuring SSO.
- Navigate to the KnowBe4 SAML application again.
- Select the Sign On subtab.
- Click Edit.
- Go to the Advanced Sign-on Settings section.
- In the SAML ID field, paste the SAML ID from KSAT.
- In the Entity ID field, paste the Entity ID from KSAT.
- In the Base URL field, enter the URL for the KSAT instance you use. The instances are listed below:
- United States: https://training.knowbe4.com
- European Union: https://eu.knowbe4.com
- Canada: https://ca.knowbe4.com
- Germany: https://de.knowbe4.com
- United Kingdom: https://uk.knowbe4.com
- Click Save.
- Click More details.
- Click Certificate fingerprint.
- Copy the IDP SSO Target URL and IDP Cert fingerprints and save them. You'll need these values to finish configuring SSO.
- Finish setting up SAML in your KSAT console. For more information, see our Set Up SAML Single Sign-on (SSO) for the Security Awareness Training Console article.