Egress

Share

Is this article helpful?

Last updated:

Configure Okta Single Sign-On

Okta single sign-on (SSO) lets users automatically sign in to KnowBe4 Prevent, Defend, and Protect with their Okta credentials on corporate devices. This feature provides easy access to cloud-based applications without additional on-premise components.

Note: This configuration works for web-based logins and the KnowBe4 email security add-in.

Prerequisites

Before you begin configuring Okta, make sure you meet the following requirements:

  • Admin access to your Okta organization
  • Admin access to your KnowBe4 portal
  • Your KnowBe4 regional URL

Configure Okta Application

To create a SAML integration in Okta, follow the steps below:

  1. Log in to your Okta organization using admin credentials.
  2. In the admin console, navigate to Applications > Applications.
  3. Select Create App Integration.
  4. Select SAML 2.0 as the Sign-in method.
  5. Click Next.

To configure the SAML integration general settings, follow the steps below:

  1. Enter an App name.
  2. Optionally upload an App logo.
  3. Select Next.
  4. Enter the Single sign on URL, Audience URI, and Default RelayState for your region:
    1. UK - https://switch.egress.com/ui/
    2. US - https://us1.esi.egress.com/ui/
    3. EU - https://eu1.esi.egress.com/ui/
  5. Select Show Advanced Settings.

  6. Add the following Attribute Statements.

    Name Name Format Value
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname Basic user.firstName
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname Basic user.lastName
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress Basic user.email
  7. Select Preview the SAML Assertion to verify your configuration.
  8. Select Next.
  9. In the Feedback tab, select I’m an Okta customer adding an internal app.
  10. Select Finish.

Link Okta to KnowBe4

To locate the Identity Provider metadata URL, follow the steps below:

  1. In Okta, locate the application you just created.
  2. Select Sign On.
  3. Select Identity Provider metadata.
  4. Copy the metadata URL of the browser that opens.

To link Okta to KnowBe4, follow the steps below:

  1. Navigate to your KnowBe4 portal:
    1. UK: https://switch.egress.com/ui/
    2. US: https://us1.esi.egress.com/ui/
    3. EU: https://eu1.esi.egress.com/ui/
  2. In the admin panel, open SSO Configuration.
  3. Select Use single sign on.
  4. Enter a provider description. This text will display when users log in.
  5. In the Metadata URL field, paste the URL you copied from Okta.
  6. Select Load metadata.
  7. Select Save.
Note:Make a note of the Endpoint URL to be used for SSO with the KnowBe4 Email Security add-in.

Configure SCIM Provisioning (Optional)

SCIM provisioning automatically creates and removes user accounts in KnowBe4 based on your Okta directory.

To enable SCIM in KnowBe4, follow the steps below:

  1. In SSO Configuration, select Enable SCIM provisioning.
  2. Select Save.
  3. Copy the SCIM v2 URL and SCIM v2 secret. You'll need these values in the next steps.

To configure provisioning in Okta, follow the steps below:

  1. In Okta, locate the application previously created and navigate to General > App Settings.
  2. Select Edit.
  3. Navigate to Provisioning > Integration > SCIM Connection.
  4. Select Edit and enter the following:
    1. SCIM connector base URL: Enter the SCIM v2 URL from KnowBe4.
    2. Unique identifier field for users: Enter email.
    3. Supported provisioning actions: Select all options.
    4. Authentication Mode: Select HTTP Header.
    5. Authorization: Enter the SCIM v2 secret from KnowBe4.
  5. Select Test Connector Configuration to verify the connection.
  6. Select Save.
  7. Navigate to the Provisioning tab.
  8. Select Edit.
  9. Enable the provisioning features you want to use.
  10. Select Save.
  11. Scroll down the page to find the Attribute Mappings.
  12. Keep only the required attributes: username, firstName, lastName, and email.
  13. Select Save.

To assign uses to the application, follow the steps below:

  1. In the Okta SSO application, select the Assignments tab.
  2. Select Assign and choose one of the following options:
    1. Assign to People to add individual users.
    2. Assign to Groups to add Okta groups.
  3. Select the users or groups you want to add.
  4. Set their username.
  5. Select Assign.
  6. Select Done.

Configure Log in to KnowBe4 Email Security Add-In

For users to be able to sign into the KnowBe4 Email Security add-in, the Endpoint URL from the SSO Configuration will need to be used within a registry key to link the add-in and application for authentication.

To enable SSO for the KnowBe4 Email Security add-in, follow the steps below:

  1. In the KnowBe4 admin panel, navigate to SSO Configuration > Show details.
  2. Enter the Endpoint URL.
  3. Deploy the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Egress\Switch HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Egress\Switch

Required values:

Value Name Value Data
IdentityProviderHost Enter the Endpoint URL.
Server Enter your Egress server URL:
  • UK: switch.egress.com
  • US: us1.esi.egress.com
  • EU: eu1.esi.egress.com

Was this article helpful?

1 out of 1 found this helpful

Can't find what you're looking for?

Contact Support