The below steps will allow you to configure single sign-on with Centrify. This will allow you to enable your users to automatically sign-in to KnowBe4 for their security awareness training.
Note: Make sure the email address that your users use to authenticate with SAML is either entered into the Email or Email Aliases field of their User Profile. However, only the email address listed in the Email field will receive training notification emails. For more information about adding information to user profiles, see our User Profile Guide.
- In your Centrify Admin Portal, add KnowBe4 as a Web App. To do this, follow steps 1-5 in this article provided by Centrify.
- Completion of step 5 will take you to the Settings page of the KnowBe4 web app. Here, you have the option to customize your KnowBe4 web app by adding our logo or providing a description of the application.
- Beneath Settings on the left, select Trust. This will take you to the Trust page.
- Scroll down to the Service Provider Configuration section and select the Manual Configuration option.
- Enter KnowBe4 in the SP Entity ID/Issuer/Audience field.
- If a unique entity ID was generated for your KnowBe4 account, use the ID shown in your Account Settings.
- In your KnowBe4 console, locate your SSO Callback URL.
- Enter your Callback URL in the Assertion Consumer Service (ACS) URL field and check Same as ACS URL for the Recipient field.
- Choose the Assertion option for Sign Response or Assertion and select emailAddress from the NameID Format drop-down menu.
- In your KnowBe4 console, locate your SSO Sign-out URL (see step 6).
- Enter your Sign out URL in the Single Logout URL field.
- Select InternetProtocol from the Authentication Context Class drop-down menu.
- Click on the Save button.
- Beneath Trust on the left, select Account Mapping. This will take you to the Account Mapping page.
- Under the Account Mapping section, select the Directory Service Field option.
- Enter mail in the Directory Service field name field.
- Click the Save button.
- Copy the IDP SSO Target URL and IDP Cert Fingerprint and follow the instructions in this article to complete the setup.