Setting Up SAML Single Sign-on for Your Organization
KnowBe4's Security Awareness Training Platform supports SAML 2.0, so your users can quickly and easily log in to KMSAT using your organization's single sign-on (SSO), or Identity provider (IdP), without having to set up or use a password.
You must be an account administrator to set up SSO for your Security Awareness Training Platform. As a safeguard, account administrators will retain the ability to log in to the Security Awareness Training Platform with their password.
Currently, SAML Single Sign-on Integration is only available for KnowBe4 accounts with an active subscription. To learn more about subscriptions, see our KnowBe4 Pricing article. If you have any questions or experience any issues setting up SSO/SAML, please contact our support team.
Jump To:
Configure Single Sign-On
Add SAML Provider Information
Test SAML Integration
Additional Resources
Configure Single Sign-On
The steps and information needed for configuring SSO vary depending on your provider. Review the articles in our SAML Single Sign-on section to find the correct steps for your provider.
Once you're ready to configure SAML Single Sign-on in your SSO provider, you'll need the following information from your Security Awareness Platform account.
- From your KnowBe4 console, click your email address in the top right corner and select Account Settings.
- Under Account Integrations, navigate to the SAML section.
- Find the following information:
- Sign in URL
- Sign out URL
- Callback URL
- Identifier: KnowBe4
- When prompted, enter the necessary information into your SAML Single Sign-on provider to finish configuring SAML Single Sign-on.
Add SAML Provider Information
Next, you'll need to add the information about your SAML provider under the SAML Provider Config section of your KMSAT platform.
- From your KnowBe4 console, click your email address in the top right corner and select Account Settings.
- Navigate to the SAML section.
- Expand the SAML Settings box. For more information on the available SAML Settings, please see the SAML section of our Account Settings article.
- Enter your IdP SSO URL or your Target URL.
- Select either SHA-1 or SHA-256 button. By default, SHA-1 is selected.
- Click the Enable SAML SSO checkbox at the top of the box. A pop-up box will appear.
- When prompted, click Yes to save the SAML Settings.
If you are a partner and want to enable SAML, please follow the instructions in this article.
Test SAML Integration
You'll want to test your SAML integration to ensure you can use SSO with your KMSAT platform successfully.
To test your SAML Integration, follow the steps below:
- Ensure the SAML Enabled box is checked, then click the Update Profile button at the bottom of the Settings page.
- Open an incognito window and navigate to your Knowbe4 login page.
- See our KnowBe4's Training Instances article for a full list of login links.
- Enter your email address for your KnowBe4 account.
- It should redirect you to log in to your SAML provider.
- After you've authenticated, if it's successful you will be logged back into your KMSAT account.
Note: Make sure the email address that your users use to authenticate with SAML is either entered into the Email or Email Aliases field of their User Profile. However, only the email address listed in the Email field will receive training notification emails. For more information about adding information to user profiles, see our User Profile Guide.
Additional Resources
If you need any additional assistance setting up SAML Single Sign-on with your specific SSO provider, check out our How-to Enable SAML Single Sign-on for Your SSO Provider article.
Comments
0 comments
Article is closed for comments.