Configuring SSO for Okta

Follow the steps below to configure single sign-on with Okta. Enabling SSO will allow your users to automatically sign-in to KnowBe4 for their security awareness training using their Okta account.

Please note that you will need an Okta subscription to configure single sign-on with Okta. For additional assistance, we recommend you review Okta's documentation.

Jump to: 

Configuring SSO for Okta Using the Default Entity ID

Configuring SSO for Okta Using a Custom Entity ID

Configuring SSO for Okta Using the Default Entity ID

Follow the steps below to finish configuring your SAML settings with Okta if you are using the default entity ID.

1. Log in to your Okta account and click the Applications tab. 
2. Click the Add Application button on the top-left.
   
3. In the search box, type in "KnowBe4 SAML". You'll see "KnowBe4 SAML" appear in the list. Click the Add button on the right.
   

Next, obtain your KnowBe4 SSO Sign In URL.

3. Obtain your unique SSO Sign In URL by completing the following steps:
   1. Log in to your KnowBe4 account.
   2. Click on your email address on the top-right and click Account Settings.
   3. Navigate to the SAML section and expand the SAML Settings tab.
   4. Copy your unique SSO Sign-in URL.
      

Finally, configure your single sign-on.

4. Once you obtain the SSO Sign In URL for your account, complete the following steps on the Configure App Settings page:
   1. In the SAML Account ID text box, enter only the account ID number you obtained in step 3 above. For example, if your callback URL is: https://training.knowbe4.com/auth/saml/xxxxxxxxxxxx/callback, enter: xxxxxxxxxxxx
      (Note: This will be a mixed string of alpha-numeric characters)
   2. In the Base URL text box, enter: https://training.knowbe4.com
      (Note: If you are on KnowBe4’s EU Server, enter: https://eu.knowbe4.com)
   3. Click the Next button.
      
5. Choose the users and/or groups you wish to assign the application to, then click the Next button.
   
6. Once you’ve created the assignments, go to the Sign On tab and click the View Setup Instructions button.
   

   Note:

   You may need to change the Application username format field to Email in order for single sign-on to work properly. To edit the settings on this tab, click the Edit button in the top right corner and the fields will become editable.

   
   
7. Copy the IDP SSO Target URL and IDP Cert Fingerprint and follow the steps in this article to complete the setup.

Back to Top

Configuring SSO for Okta Using a Custom Entity ID

Follow the steps below to finish configuring your SAML settings with Okta if you are using a custom entity ID.

1. Log in to your Okta account and click the Applications tab. Click the Add Application button on the top-left.
   
2. Click Create New App.
   
3. From the Platform drop-down menu, select Web. 
   
4. From the Sign on method drop-down, select SAML 2.0, then click Create.
5. Give the application a descriptive name such as “KnowBe4 SAML” and choose a logo if you’d like.
   
6. In the App visibility field, we suggest you select both options until you are ready to make SAML available for your users. Then, click Next.
7. In the Single sign on URL field enter the “callback” URL found in your Account Settings.
   
8. In the Audience URI (SP Entity ID) field enter your custom entity ID.
9. In the Name ID format drop-down, select EmailAddress. Then, click Next.
10. In the Are you a customer or partner field, choose I'm an Okta customer adding an internal app. The rest of the fields on this page can be left blank. Then, click Finish.
    
11. Click View Setup Instructions.
    
12. Next, copy the Okta Identity Provider Single Sign-On URL and paste it into the IdP SSO Target URL field in your KnowBe4 Account Settings page
13. Convert the Okta X.509 certificate into either SHA-1 or SHA-256 and paste it into the IDP Cert Fingerprint field of your KnowBe4 Account Settings page.
14. From Okta, go to Assignments and select the users and groups that you want to assign the SAML app to. 
    

Back to Top