How to Setup Google Apps SAML Connector to KnowBe4 for SSO

Below are instructions on how to set up a SAML connector to KnowBe4 for SSO.

1. Login to https://admin.google.com and select Apps.
   
2. Select SAML apps, and then New App by clicking the Plus Button in the lower right corner.
   
   
3. Scroll through the list and select KnowBe4.

4. Download the IDP metadata file. Keep this in an accessible place because you'll need the SHA1 fingerprint and SSO URL found in this file for step 10. Click Next.
   
   
5. The Application Name, Description, and app-id will be displayed, click Next.
   
6. Fill out the fields with the appropriate information specified below. Enable Signed Response by selecting the checkbox then click Next.
   • ACS URL:
     You can obtain this under your KnowBe4 account settings:
     
     • Log in to your KnowBe4 admin account.
     • Click your email address on the top-right, then click Account Settings.
     • Scroll to the SAML section of your settings and copy the Callback Link.
       • Example: https://training.knowbe4.com/auth/saml/xxxxxxxxxxxx/callback
   • Entity ID: KnowBe4
   • Start URL:
     You can obtain this under your KnowBe4 account settings:
     • Log in to your KnowBe4 admin account.
     • Click your email address on the top-right, then click Account Settings.
     • Scroll to the SAML section of your settings and copy the Sign in URL.
       • Example: https://training.knowbe4.com/auth/saml/xxxxxxxxxxxx
   • Signed Response: ENABLE
     
   • Name ID: Basic Information – Primary Email
   • Name ID Format: EMAIL
   

7. Add the following Attribute Mapping, then click FINISH:
   • name_id
   • Basic Information
   • Primary Email
   
8. Turn SAML App ON for everyone or for some organizations.
9. Confirm that you'd like to turn on the SAML App (Note: Google states that this may take up to 24 hours to propagate to all users).
10. Follow the instructions listed in our How to Set Up SAML guide to complete the SAML configuration.
    

    Note:

    You can find this information in the IDP metadata file you downloaded in step 4.

    • The SHA1 fingerprint 
    • Example:A1:2B:C3:D4:E6:F7:88:GG:H9:76:4A:2D:CF:AB:A6:A0:20:88:00
    • The SSO URL

Still need assistance? Contact support.