To enable SAML on your account management console, follow the steps below. For more information about SAML integration before getting started, see our What is SAML Integration? article.
- Log in to your reseller account and click on your email address in the top-right. Then, select Account Settings.
- Scroll down to the SAML section of the page. Click the plus sign icon to expand your SAML settings. In this section, you will find your SSO Sign-in URL and SSO Entity ID. This information will be needed to create a SAML connection in your IDP.
Note:Some SAML providers such as Okta require you to use the SSO Callback (ACS) URL instead of the SSO Sign-in URL. For a service provider-initiated login, you will have to use your SSO Sign In Url.Note:If you manage multiple accounts that use the same Identity Provider account for single sign-on, you may be unable to use the same entity ID for each of your KnowBe4 accounts. You have the option to generate a unique entity ID for each account from the Account Settings page of that account. For more information, see the SAML section of our How to Edit Account Settings article.
- Locate your IDP information. Then, enter your IDP SSO Target URL and IDP Cert Fingerprint.
Note:Only SHA-1 and SHA-256 fingerprints are supported.
- Click the SAML Enabled check box.
- (Optional) Select the Disable non-SAML Logins for All Users check box to disable password logins for all users. Once selected, users will be required to log in with their SAML application and all bypass URLs will be disabled. This check box is only visible when the Enable SAML SSO check box is selected.
- (Optional) Select the Allow Account Creation from SAML Login check box to allow users who don’t already have an account to create a new account by entering their email address from the login window. If the SAML authentication is successful, the new user's account will be created. If you don’t enable this setting, users who do not already have an account will get an error message if they try to create an account. This check box is only visible when the Enable SAML SSO check box is selected.
- To apply all of your changes, click on the Update Profile button at the bottom of the page.
Note:When logging in to the partner portal via SSO or SAML, you must do so through your SSO or SAML service provider. The instance URL will not be supported once SSO or SAML has been enabled.