Configuring SAML for Centrify
The steps below configure single sign-on with Centrify so that your users can sign in to KnowBe4 automatically for their security awareness training.
1. In your Centrify Admin Portal, add KnowBe4 as a Web App. To do this, follow steps 1-5 in this article provided by Centrify.
2. Completion of step 5 will take you to the Settings page of the KnowBe4 web app. Here, you have the option to customize your KnowBe4 web app by adding our logo or providing a description of the application.
3. Beneath Settings on the left, select Trust. This will take you to the Trust page.
4. Scroll down to the Service Provider Configuration section and select the Manual Configuration option.
5. Enter KnowBe4 in the SP Entity ID/Issuer/Audience field.
6. In your KnowBe4 console, locate your SSO Callback URL.
   - Log in to your KnowBe4 account.
   - Click on your email address on the top-right and click Account Settings.
   - Scroll down to the SAML section and expand the SAML Settings tab.
   - Copy your unique SSO Callback (ACS) URL.
7. Enter your Callback URL in the Assertion Consumer Service (ACS) URL field and check Same as ACS URL for the Recipient field.
8. Choose the Assertion option for Sign Response or Assertion and select emailAddress from the NameID Format drop-down.
9. In your KnowBe4 console, locate your SSO Sign-out URL (see step 6).
10. Enter your Sign out URL in the Single Logout URL field.
11. Select InternetProtocol from the Authentication Context Class drop-down.
12. Click on the Save button.
13. Beneath Trust on the left, select Account Mapping. This will take you to the Account Mapping page.
14. Under the Account Mapping section, select the Directory Service Field option.
15. Enter mail in the Directory Service field name field.
    For more information about Account Mapping, view this article provided by Centrify.
16. Click the Save button.
17. Copy the IDP SSO Target URL and IDP Cert Fingerprint and follow the instructions in this article to complete the setup.
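
To confirm that the Trust and Account Mapping settings took effect, the following added example (not code from KnowBe4 or Centrify) checks the base64 SAMLResponse form field captured from a test sign-in against the values entered in the steps above. The ACS URL and the sample response are constructed placeholders, and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
IP_CTX = "urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol"
ACS_URL = "https://sp.example.invalid/saml/callback"  # placeholder, not a real KnowBe4 URL

def check_response(b64_response, acs_url, entity_id="KnowBe4"):
    """List mismatches between a captured SAMLResponse and the Trust-page settings.
    Structural check only (no signature or time-window validation); use on your own test logins."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element in the response"]
    def text(path):
        node = assertion.find(path, NS)
        return (node.text or "").strip() if node is not None else None
    problems = []
    if text("a:Conditions/a:AudienceRestriction/a:Audience") != entity_id:
        problems.append("Audience does not match SP Entity ID")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FMT:
        problems.append("NameID Format is not emailAddress")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID is not an email address; check Account Mapping")
    scd = assertion.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("Recipient does not match ACS URL")
    if text("a:AuthnStatement/a:AuthnContext/a:AuthnContextClassRef") != IP_CTX:
        problems.append("AuthnContextClassRef is not InternetProtocol")
    if assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion is not signed")
    return problems

def sample(audience="KnowBe4", name_id="user@example.invalid", signed=True):
    """Constructed test response (the signature element is an empty stand-in)."""
    sig = f'<ds:Signature xmlns:ds="{NS["ds"]}"/>' if signed else ""
    xml = (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}"><a:Assertion>{sig}'
           f'<a:Subject><a:NameID Format="{EMAIL_FMT}">{name_id}</a:NameID>'
           f'<a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{ACS_URL}"/>'
           f'</a:SubjectConfirmation></a:Subject><a:Conditions><a:AudienceRestriction>'
           f'<a:Audience>{audience}</a:Audience></a:AudienceRestriction></a:Conditions>'
           f'<a:AuthnStatement><a:AuthnContext><a:AuthnContextClassRef>{IP_CTX}'
           f'</a:AuthnContextClassRef></a:AuthnContext></a:AuthnStatement>'
           f'</a:Assertion></p:Response>')
    return base64.b64encode(xml.encode()).decode()
```

Calling `check_response(sample(), ACS_URL)` returns an empty list; each non-empty entry names the Trust or Account Mapping field to revisit.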