Menu English (US) Čeština Dansk Deutsch Español (Latinoamérica) Español (España) Suomi Français (Canada) Français (France) हिंदी Magyar Bahasa Indonesia Italiano 日本語 한국어 Bahasa Melayu Nederlands Norsk Polski Português do Brasil Română Русский svenska Kiswahili ไทย Türkçe Українська Tiếng Việt 简体中文 中文 (香港) 繁體中文

How Do I Enable SSO/SAML for Google Workspace (Google Apps)?

Avatar
Katie Brennan
Updated
Follow

How to Setup Google Apps SAML Connector to KnowBe4 for SSO

Below are instructions on how to set up a SAML connector to KnowBe4 for SSO.

  1. Login to https://admin.google.com and select Apps.
  2. Select SAML apps, and then New App by clicking the Plus Button in the lower right corner.

  3. Scroll through the list and select KnowBe4.
  1. Download the IDP metadata file. Keep this in an accessible place because you'll need the SHA1 fingerprint and SSO URL found in this file for step 10. Click Next.

  2. The Application Name, Description, and app-id will be displayed, click Next.
  3. Fill out the fields with the appropriate information specified below. Enable Signed Response by selecting the checkbox then click Next.
    • ACS URL:
      You can obtain this under your KnowBe4 account settings:
      • Log in to your KnowBe4 admin account.
      • Click your email address on the top-right, then click Account Settings.
      • Navigate to the SAML section of your settings and copy the Callback Link.
        • Example: https://training.knowbe4.com/auth/saml/xxxxxxxxxxxx/callback
    • Entity ID: KnowBe4
      • If a unique entity ID was generated for your KnowBe4 account, use the ID shown in your Account Settings.
    • Start URL:
      You can obtain this under your KnowBe4 account settings:
      • Log in to your KnowBe4 admin account.
      • Click your email address on the top-right, then click Account Settings.
      • Navigate to the SAML section of your settings and copy the Sign in URL.
        • Example: https://training.knowbe4.com/auth/saml/xxxxxxxxxxxx
    • Signed Response: ENABLE
    • Name ID: Basic Information – Primary Email
    • Name ID Format: EMAIL
  1. Add the following Attribute Mapping, then click FINISH:
    • name_id
    • Basic Information
    • Primary Email
  2. Turn SAML App ON for everyone or for some organizations.
  3. Confirm that you'd like to turn on the SAML App (Note: Google states that this may take up to 24 hours to propagate to all users).
  4. Follow the instructions listed in our How to Set Up SAML guide to complete the SAML configuration. 

    Note: The IDP metadata file includes your X.509 certificate. To set up SAML, you will need the SHA1 Fingerprint instead. To learn how to convert the X.509 certificate into a SHA1 Fingerprint, see our How to Convert an X.509 Certificate to a SHA1 Fingerprint for SAML article.

    • The SHA1 fingerprint 
      • Example:A1:2B:C3:D4:E6:F7:88:GG:H9:76:4A:2D:CF:AB:A6:A0:20:88:00
    • The SSO URL

Still need assistance? Contact support.

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles