Menu English (US) Čeština Dansk Deutsch Español (Latinoamérica) Español (España) Suomi Français (Canada) Français (France) हिंदी Magyar Bahasa Indonesia Italiano 日本語 한국어 Bahasa Melayu Nederlands Norsk Polski Português do Brasil Română Русский svenska ไทย Türkçe Українська Tiếng Việt 简体中文 繁體中文

How Do I Enable SSO/SAML for Google Workspace (Google Apps)?

Avatar
Katie Brennan
Updated

How to Setup Google Workspace SAML Connector to KnowBe4 for SSO

Follow the steps below to configure single sign-on with Google Workspace. Enabling SSO will allow your users to automatically sign in to KnowBe4 for their security awareness training using their Google account.

  1. Login to https://admin.google.com and select Apps.
  2. Select Web and mobile apps, and then click the Add App drop-down. Select Search for apps.

  3. Search for KnowBe4 and click Select on the app with Web (SAML) as the platform.
  1. Download the IDP metadata file. Keep this in an accessible place because you'll need the SHA1 fingerprint and SSO URL found in this file for step 10. Click Continue.

  2. Fill out the fields with the appropriate information specified below. Enable Signed Response by selecting the checkbox then click Continue.
    • ACS URL:
      You can obtain this under your KnowBe4 account settings:
      • Log in to your KnowBe4 admin account.
      • Click your email address on the top-right, then click Account Settings.
      • Navigate to the SAML section of your settings and copy the Callback Link.
        • Example: https://training.knowbe4.com/auth/saml/xxxxxxxxxxxx/callback
    • Entity ID: KnowBe4
      • If a unique entity ID was generated for your KnowBe4 account, use the ID shown in your Account Settings.
    • Start URL:
      You can obtain this under your KnowBe4 account settings:
      • Log in to your KnowBe4 admin account.
      • Click your email address on the top-right, then click Account Settings.
      • Navigate to the SAML section of your settings and copy the Sign in URL.
        • Example: https://training.knowbe4.com/auth/saml/xxxxxxxxxxxx
    • Signed Response: ENABLE
    • Name ID: Basic Information – Primary Email
    • Name ID Format: EMAIL
  1. Add the following Attribute Mapping, then click FINISH:
    • Basic Information – Primary Email
  2. Click User access and select ON for everyone under Service Status. Click Save.
  3. Follow the instructions listed in our How to Set Up SAML guide to complete the SAML configuration. 

    Note: The IDP metadata file includes your X.509 certificate. To set up SAML, you will need the SHA1 Fingerprint instead. To learn how to convert the X.509 certificate into a SHA1 Fingerprint, see our How to Convert an X.509 Certificate to a SHA1 Fingerprint for SAML article.

    • The SHA1 fingerprint 
      • Example:A1:2B:C3:D4:E6:F7:88:GG:H9:76:4A:2D:CF:AB:A6:A0:20:88:00
    • The SSO URL

For further assistance with this feature, please contact our support team and they would be happy to help.

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles