Menu English (US) Čeština Dansk Deutsch Español (Latinoamérica) Español (España) Suomi Français (Canada) Français (France) हिंदी Magyar Bahasa Indonesia Italiano 日本語 한국어 Bahasa Melayu Nederlands Norsk Polski Português do Brasil Română Русский svenska ไทย Türkçe Українська Tiếng Việt 简体中文 繁體中文

How Do I Enable SSO/SAML for Azure Active Directory (AD)?

Avatar
Katie Brennan
Updated

Configuring SSO with Azure Active Directory (AD)

The below steps will allow you to configure single sign-on with your Azure Active Directory. This will allow you to enable your users to automatically sign-in to KnowBe4 for their security awareness training. You'll also be able to control in your Active Directory who has access to KnowBe4. 

You'll need an Azure AD subscription to follow the steps below. Please note that these screenshots pertain to the newest Azure Portal.

First, add KnowBe4 from the Apps tab

To do so, log in to your Azure account and click the Azure Active Directory tab. Then, complete the following steps:

  1. Click Azure Active Directory on the left side of the console.
  2. Click Find an Enterprise App.
  3. Click + New Application in the top left.
  4. Type KnowBe4 into the Add from the gallery field.
  5. Enter the name you would like to call the app, then click the Add button at the bottom.
  6. Once added, click the Single sign-on tab. In the drop-down, select SAML-based Sign-on.
  7. Next, obtain your unique Sign in URL by completing the following steps:
    1. Log into KnowBe4.
    2. Click your email address on the top right and then click Account Settings.
    3. Navigate to the SAML section and find your unique Callback URL and Sign in URL.
  8.  Once you obtain the SSO Sign In URL for your account, complete the following steps on the Configure App Settings page:
    1. In the Identifier text box, enter KnowBe4 (case-sensitive).
    2. In the Reply URL text box, enter the unique Callback URL you obtained in Step c, above.
      Example: https://training.knowbe4.com/auth/saml/xxxxxxxxxxxx/callback
    3. In the Sign on URL text box, enter the unique Sign in URL you obtained in Step c, above.
      Example: https://training.knowbe4.com/auth/saml/xxxxxxxxxxxx

    Note:

    You only need to fill out the other fields in particular circumstances. For instance, if you are using MFA for Azure, you’ll need to add your callback link to the Relay State field.

  9. In the User Attributes & Claims section, delete these fields:
    1. givenname
    2. surname
    3. emailaddress
    4. name
  10. Edit the Source attribute under Unique User Identifier to user.mail.
  11. Next, copy the Thumbprint shown under the SAML Signing Certificate section.
  12. Then, copy the Login URL from the Set up section to send along with the above SHA-1 Thumbprint.

Note: You will need to paste the Thumbprint and Login URL in the IdP SSO Target URL and IdP Cert Fingerprint fields during your SAML Single Sign-on setup for the Security Awareness Training Platform.

  1. Click the Users and groups tab, then the Add user button to add your groups or users.
  2. Choose the groups or users to add to the app and click the Select button. 
  3. Once the users and/or groups have been selected, click the Assign button.
  4. To complete the configuration, follow the instructions listed in our How to Guide.

Note:

If you need to pass a different attribute to us, you can do so by modifying the User Attributes & Claims section.

Still need assistance? Submit a support ticket.

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles