Configuring SSO with Azure Active Directory (AD)

The below steps will allow you to configure single sign-on with your Azure Active Directory. This will allow you to enable your users to automatically sign-in to KnowBe4 for their security awareness training. You'll also be able to control in your Active Directory who has access to KnowBe4. 

You'll need an Azure AD subscription to follow the steps below. Note that these screenshots pertain to the newest Azure Portal.

First, add KnowBe4 from the Apps tab

To do so, log in to your Azure account and click the Azure Active Directory tab. Then, complete the following steps:

1. Click Azure Active Directory on the left side of the console.
   
2. Click Find an Enterprise App.
   
3. Click + New Application in the top left.
   
4. Type KnowBe4 into the Add from the gallery field.
   
5. Enter the name you would like to call the app, then click the Add button at the bottom.
   
6. Once added, click the Single sign-on tab. In the drop-down, select SAML-based Sign-on.
   
7. Next, obtain your unique Sign in URL by completing the following steps:
   1. Log into KnowBe4.
   2. Click your email address on the top right and then click Account Settings.
   3. Scroll down to the SAML section and find your unique Sign in URL.
      
8.  Once you obtain the SSO Sign In URL for your account, complete the following steps on the Configure App Settings page:
   
   1. In the Identifier text box, enter KnowBe4 (case-sensitive).
   2. In the Sign on URL text box, enter the unique URL you obtained in Step c, above.
      Example: https://training.knowbe4.com/auth/saml/xxxxxxxxxxxx

   Note:

   You only need to fill out the other fields in particular circumstances. For instance, if you are using MFA for Azure, you’ll need to add your callback link to the Relay State field.

   
9. In the User Attributes & Claims box, change the Unique User Identifier to user.mail.
   
   
10. Next, we will get the information needed to send to KnowBe4 support to complete the integration. First, copy the Thumbprint shown under the SAML Signing Certificate section.
    
11. Then, copy the Login URL from the Set up section to send along with the above SHA-1 Thumbprint to KnowBe4 Support. 
    
12. Click the Users and groups tab, then the Add user button to add your groups or users.
    
13. Choose the groups or users to add to the app and click the Select button. 
    
14. Once the users and/or groups have been selected, click the Assign button.
    
15. To complete the configuration, send the Azure AD Single Sign-On Service URL and SHA1 Thumbprint to KnowBe4 support to complete the integration. Once the support agent replies that it is enabled, you are all set. 

Still need assistance? Submit a support ticket.