How to Enable SAML on Your Account Management Console

To enable SAML on your account management console, follow the steps below. For more information about SAML integration before getting started, see our What is SAML Integration? article.

1. Log in to your reseller account and click on your email address in the top-right. Then, select Account Settings.
   
2. Scroll down to the SAML section of the page. Click the plus sign icon to expand your SAML settings. In this section, you will find your SSO Sign-in URL and SSO Entity ID. This information will be needed to create a SAML connection in your IDP.

   Note: Some SAML providers (such as Okta) require you to use the SSO Callback (ACS) URL instead of the SSO Sign-in URL. For a service provider-initiated login, you will have to use your SSO Sign In Url.

   

   Note: If you manage multiple accounts that use the same Identity Provider account for single sign-on, you may be unable to use the same entity ID for each of your KnowBe4 accounts. You have the option to generate a unique entity ID for each account from the Account Settings page of that account. For more information, see the SAML section of our How to Edit Account Settings article.

3. Locate your IDP information. Then, enter your IDP SSO Target URL and IDP Cert Fingerprint.

   Note: Only SHA-1 and SHA-256 fingerprints are supported.

   

4. Click the SAML Enabled check box.
5. To apply all of your changes, click on the Update Profile button at the bottom of the page.

Back to top