How Do I Configure SSO/SAML for KCM GRC with OneLogin?

KnowBe4's KCM GRC platform supports SAML 2.0, so your users can quickly and easily log in to KCM using your organization's single sign-on (SSO) provider, without having to set up or use a password.

This article provides instructions for configuring single sign-on with OneLogin and your KCM GRC platform. You must be an account administrator to set up SSO for your KCM GRC platform. You'll also need access to your organization's OneLogin administrator portal to follow the steps in this article. 

Important: After you configure SAML for your KCM GRC account, users must log in by using single sign-on. For new accounts, users will still be required to activate their account. To learn more about this user experience, see our How to Activate and Access Your KCM GRC Account With SSO/SAML article.
Note: Because they are external user roles, Auditor and third-party Vendor Users cannot log in to KCM GRC by using single sign-on. As an alternative option for authentication security, you can make multi-factor authentication mandatory for these accounts. For more information, see our How to Enable and Configure Multi-Factor Authentication article.

First, you'll add the KCM GRC application to your OneLogin portal. Then you'll import or add the necessary metadata into your KCM GRC account to complete the setup. Follow the sections below for details. 

Jump to:

  - Add The KCM GRC Application to your OneLogin Portal
  - Configure your SSO Settings in KCM GRC
  - Test SSO Integration

Add The KCM GRC Application to OneLogin 

  1. From your OneLogin account, click Apps, then Add Apps.
  2. Use the search bar to find the KCM GRC Platform SAML 2.0 application (app).
  3. Use "KCM GRC Platform" or another Display Name, then click the Save button toward the top-right of the page.
  4. Now, obtain your KCM GRC account name and add it to the Account Name field. Your organization's account name is part of the URL used to access your KCM platform. For example, if you use to log into your account, your Account Name is yourorganization.
  5. Click the Save button.
  6. From your OneLogin console, navigate to the SSO tab.
  7. From the SAML Signature Algorithm drop-down menu, select SHA-256. Then, click the Save button at the top-right. 
  8. Then, click the More Actions drop-down button, and choose SAML Metadata. This will download your OneLogin metadata XML file to your machine. You will import this file into your KCM account.

Follow the steps in the next section to add your OneLogin metadata to your KCM GRC account.

Configure your SSO Settings in KCM GRC  

  1. Log into your KCM GRC account, then click Settings, and Account Settings. Then, click the SSO Settings tab.
  2. From the SSO Provider Config area, click the Upload SSO Metadata button and locate the XML file that you've downloaded from OneLogin (see step #8, above).
  3. After the file import is complete, select OneLogin from the SSO Provider drop-down menu.
  4. Click the Save button at the bottom left-hand side of the page.
    Note: As a precaution, account administrators will retain the ability to log in to KCM GRC with their password.

Now you have the option to test your SAML configuration. See the next section for details. 

Test SSO Integration

  1. Once you've completed the steps above, click the Test SSO Integration button to ensure you can use OneLogin SSO with your KCM GRC platform.
  2. A new tab will open and attempt to initiate OneLogin's single sign-on. If you're logged into your OneLogin account with an email address that is also used for your KCM account, the new tab should redirect to your KCM GRC Global Dashboard. This confirms that your SSO is successfully configured. 

If you're experiencing issues, please contact our KCM GRC support team.
