Configuring SSO with Azure Active Directory (AD)
The steps below configure single sign-on (SSO) with Azure Active Directory, so that your users are signed in to KnowBe4 automatically for their security awareness training. You'll also be able to control, from Active Directory, who has access to KnowBe4.
You'll need an Azure AD subscription to follow the steps below. Please note that these screenshots pertain to the newest Azure Portal.
First, add KnowBe4 from the Apps tab
To do so, log in to your Azure account and click the Azure Active Directory tab. Then, complete the following steps:
- Click Azure Active Directory on the left side of the console.
- Click Find an Enterprise App.
- Click + New Application in the top left.
- Type KnowBe4 into the Add from the gallery field.
- Enter the name you would like to call the app, then click the Add button at the bottom.
- Once added, click the Single sign-on tab. In the drop-down, select SAML-based Sign-on.
- Next, obtain your unique Sign in URL by completing the following steps:
  a. Log into KnowBe4.
  b. Click your email address on the top right and then click Account Settings.
  c. Navigate to the SAML section and find your unique Callback URL and Sign in URL.
- Once you obtain the SSO Sign In URL for your account, complete the following steps on the Configure App Settings page:
  a. In the Identifier text box, enter KnowBe4 (case-sensitive).
  b. In the Reply URL text box, enter the unique Callback URL you obtained in Step c, above.
  c. In the Sign on URL text box, enter the unique Sign in URL you obtained in Step c, above.
You only need to fill out the other fields in particular circumstances. For instance, if you are using MFA for Azure, you’ll need to add your callback link to the Relay State field.
- In the User Attributes & Claims section, delete these fields:
- Edit the Source attribute under Unique User Identifier to user.mail.
- Next, copy the Thumbprint shown under the SAML Signing Certificate section.
- Then, copy the Login URL from the Set up section to send along with the above SHA-1 Thumbprint.
Note: During your SAML Single Sign-on setup for the Security Awareness Training Platform, you will need to paste the Login URL into the IdP SSO Target URL field and the Thumbprint into the IdP Cert Fingerprint field.
- Click the Users and groups tab, then the Add user button to add your groups or users.
- Choose the groups or users to add to the app and click the Select button.
- Once the users and/or groups have been selected, click the Assign button.
- To complete the configuration, follow the instructions listed in our How to Guide.
If you need to pass a different attribute to us, you can do so by modifying the User Attributes & Claims section.