Setting Up SAML Single Sign-on for Your Organization
KnowBe4's security awareness training console supports SAML 2.0, so your users can quickly and easily log in to KMSAT using your organization's single sign-on (SSO) or Identity provider (IdP) without having to set up or use a password.
You must be an account administrator to set up SSO for your security awareness training console. As a safeguard, account admins will retain the ability to log in to the security awareness training console with their password.
Currently, SAML single sign-on integration is only available for KnowBe4 accounts with an active subscription. To learn more about subscriptions, see our Service Pricing Levels page. If you have any questions or experience any issues setting up SAML single sign-on, please contact our support team.
Configure Single Sign-On
The steps and information needed for configuring SSO vary depending on your provider. Review the articles in the SAML Single Sign-on section of the Knowledge Base to find the correct steps for your provider.
Once you're ready to configure SAML single sign-on in your SSO provider, you'll need the following information from your security awareness console account.
- From your KnowBe4 console, click your email address in the top right corner and select Account Settings.
- Under Account Integrations, navigate to the SAML section.
- Find the following information by expanding the SAML Settings box:
- Sign in URL
- Sign out URL
- Callback URL
- Identifier: KnowBe4
- When prompted, enter the necessary information into your SAML single sign-on provider to finish configuring SAML single sign-on.
Add Your SAML Provider Information
Next, you'll need to add the information about your SAML provider under the SAML Provider Config section of your KMSAT console.
- From your KnowBe4 console, click your email address in the top-right corner and select Account Settings.
- Navigate to the SAML section.
- Expand the SAML Settings box. For more information on the available SAML settings, please see the SAML section of our KMSAT Account Settings: Account Integrations article.
- Enter your IdP SSO Target URL.
- Select either SHA-1 or SHA-256 button. By default, SHA-1 is selected.
- Click the Enable SAML SSO checkbox at the top of the SAML Settings box.
- When finished, click Save SAML Settings.
If you are a partner and want to enable SAML, please follow the instructions in our MSP/Reseller/Multi-Account Org: How to Enable SAML on Your Account Management Console article.
Test Your SAML Integration
You'll want to test your SAML integration to ensure you can use SSO with your KMSAT console successfully.
To test your SAML Integration, follow the steps below:
- Ensure the SAML Enabled box is checked, then click the Update Profile button at the bottom of the Settings page.
- Open an incognito window and navigate to your Knowbe4 login page.
- See our KnowBe4's Training Instances article for a full list of login links.
- Enter your email address for your KnowBe4 account.
- It should redirect you to log in to your SAML provider.
- After you've authenticated, you will be logged back into your KMSAT account if the integration is successful.
Note: Make sure the email address that your users use to authenticate with SAML is either entered into the Email field or Email Aliases field of their user profile. However, only the email address listed in the Email field will receive training notification emails. For more information about adding information to user profiles, see our User Profile Guide.
If you need any additional assistance setting up SAML Single Sign-on with your specific SSO provider, check out our How-to Enable SAML Single Sign-on for Your SSO Provider article.