SAML Single Sign-On (SSO)

Share

Is this article helpful?

Last updated:

Enable SAML Single Sign-on (SSO) for Okta

In this article, you can learn how to use configure single sign-on (SSO) for your KSAT console with Okta. If your organization uses Okta, configuring SSO will allow your users to automatically sign in to the Learner Experience by authenticating with Okta.

Important:For SSO to work properly, the email address that your users authenticate with must be entered in the Email or Email Aliases field of their User Profile. However, only the email address listed in the Email field will receive training notification emails. For more information, see our User Profile Guide.
Note: You'll need an Okta subscription to configure single sign-on with Okta. For additional assistance, we recommend that you see Okta's documentation.

Configuring SSO with the Default Entity ID

To configure SSO by using the default entity ID, follow the steps below:

Important:If you're using a custom entity ID instead, follow the steps in the Configuring SSO for Okta Using a Custom Entity ID section below.
  1. Log in to your Okta account.
  2. Navigate to the Applications tab. 
  3. Click Browse App Catalog. Browse App Catalog button
  4. In the search box, type in "KnowBe4 SAML", then click the KnowBe4 SAML application.
  5. Click + Add Integration. Add Integration button
  6. In the Application label field, enter a name for the integration. Application label field
  7. Click Done.

In a separate browser tab or window, you'll need to copy your SAML ID from KSAT. To copy your SAML ID, follow the steps below:

  1. Log in to your KSAT console.
  2. Click your email address on the top-right corner, then select Account Settings.
  3. In your Account Settings, navigate to SAML > SAML Settings.
  4. Copy the text in the SAML ID field. 

Finally, you'll need to return to Okta to finish configuring SSO.

  1. Navigate to the KnowBe4 SAML application again.
  2. Select the Sign On subtab.
  3. Click Edit. Edit button
  4. Go to the Advanced Sign-on Settings section.
  5. In the SAML ID field, paste the SAML ID you copied above.
  6. In the Base URL field, enter the URL for the KSAT instance you use. The instances are listed below:
    • United States: https://training.knowbe4.com
    • European Union: https://eu.knowbe4.com
    • Canada: https://ca.knowbe4.com
    • Germany: https://de.knowbe4.com
    • United Kingdom: https://uk.knowbe4.com
  7. Click Save.
  8. Click More details. 
    Note:For SSO to work properly, you may need to change the Application username format field to Email. To edit the settings on this page, click the Edit button.
    View Setup Instructions button
  9. Click Certificate fingerprint.
  10. Copy the IDP SSO Target URL and IDP Cert fingerprints and save them. You'll need these fingerprints to finish configuring SSO.
  11. Finish setting up SAML in your KSAT console. For more information, see our Set Up SAML Single Sign-on (SSO) for the Security Awareness Training Console article.
Important:Before your users can start authenticating using Okta, you'll need to assign them to the KnowBe4 app in Okta. You can assign users and groups from the Assignments subtab.

Configuring SSO with a Custom Entity ID

To configure SSO by using a custom entity ID, follow the steps below:

Important:If you're using the default entity ID instead, follow the steps in the Configuring SSO for Okta Using a Default Entity ID section above.
  1. Log in to your Okta account.
  2. Navigate to the Applications tab. 
  3. Click Browse App Catalog.
  4. In the search box, type in KnowBe4 SAML, then click the KnowBe4 SAML application.
  5. Click + Add Integration
  6. In the Application label field, enter a name for the integration.
  7. Click Done

In a separate browser window, you'll need to create your Unique Entity ID from KSAT.

  1. Log in to your KSAT console.
  2. Click your email address at the top-right corner, then select Account Settings.
  3. In your Account Settings, navigate to SAML > SAML Settings.
  4. Click on Generate Unique Entity ID.

Finally, return to Okta to continue configuring SSO.

  1. Navigate to the KnowBe4 SAML application again.
  2. Select the Sign On subtab.
  3. Click Edit.
  4. Go to the Advanced Sign-on Settings section.
  5. In the SAML ID field, paste the SAML ID from KSAT.
  6. In the Entity ID field, paste the Entity ID from KSAT.
  7. In the Base URL field, enter the URL for the KSAT instance you use. The instances are listed below:
  8. Click Save.
  9. Click More details.
  10. Click Certificate fingerprint.
  11. Copy the IDP SSO Target URL and IDP Cert fingerprints and save them. You'll need these values to finish configuring SSO.
  12. Finish setting up SAML in your KSAT console. For more information, see our Set Up SAML Single Sign-on (SSO) for the Security Awareness Training Console article.
Important:Before your users can start authenticating using Okta, you'll need to assign them to the KnowBe4 app in Okta. You can assign users and groups from the Assignments subtab.

Was this article helpful?

2 out of 4 found this helpful

Can't find what you're looking for?

Contact Support