How to Setup Google Workspace SAML Connector to KnowBe4 for SSO
Follow the steps below to configure single sign-on with Google Workspace. Enabling SSO will allow your users to automatically sign in to KnowBe4 for their security awareness training using their Google account.
- Login to https://admin.google.com and select Apps.
- Select Web and mobile apps, and then click the Add App drop-down. Select Search for apps.
- Search for KnowBe4 and click Select on the app with Web (SAML) as the platform.
- Download the IDP metadata file. Keep this in an accessible place because you'll need the SHA1 fingerprint and SSO URL found in this file for step 9. Click Continue.
- Fill out the fields with the appropriate information specified below. Enable Signed Response by selecting the checkbox then click Continue.
- ACS URL:
You can obtain this under your KnowBe4 account settings:- Log in to your KnowBe4 admin account.
- Click your email address on the top-right, then click Account Settings.
- Navigate to the SAML section of your settings and copy the Callback Link.
- Example: https://training.knowbe4.com/auth/saml/xxxxxxxxxxxx/callback
- Entity ID: KnowBe4
- If a unique entity ID was generated for your KnowBe4 account, use the ID shown in your Account Settings.
- Start URL:
You can obtain this under your KnowBe4 account settings:- Log in to your KnowBe4 admin account.
- Click your email address on the top-right, then click Account Settings.
- Navigate to the SAML section of your settings and copy the Sign in URL.
- Example: https://training.knowbe4.com/auth/saml/xxxxxxxxxxxx
- Signed Response: ENABLE
- Name ID: Basic Information – Primary Email
- Name ID Format: EMAIL
- ACS URL:
- Add the following Attribute Mapping, then click FINISH:
- Basic Information – Primary Email
- Click User access and select ON for everyone under Service Status. Click Save.
- Follow the instructions listed in our How to Set Up SAML guide to complete the SAML configuration.
Note: The IDP metadata file includes your X.509 certificate. To set up SAML, you will need the SHA1 Fingerprint instead. To learn how to convert the X.509 certificate into a SHA1 Fingerprint, see our How to Convert an X.509 Certificate to a SHA1 Fingerprint for SAML article.
- The SHA1 fingerprint
- Example: A1:2B:C3:D4:E6:F7:88:GG:H9:76:4A:2D:CF:AB:A6:A0:20:88:00
- The SSO URL
- The SHA1 fingerprint
For further assistance with this feature, please contact our support team and they would be happy to help.
Comments
0 comments
Article is closed for comments.