Sync Employees with Google and/or OKTA
Planificată
It's a royal pain to maintain the employe listing in KnowBe4, because we do not use Active Directory (which is pretty common for newer companies). Can you consider integrating with Google for employee sync, or even a SSO provider like OKTA.
I'm uploading spreadsheets on a monthly basis
-
Comentariu oficial
Hi John,
Thank for your request! I have forwarded your idea to our development team for review. We base a lot of our development on customer feedback so we appreciate your input.
Thanks again!
Lauren
KnowBe4Acțiuni comentariu -
Hi Jon,
It sounds like what you're looking for is support for the SCIM protocol, which is part of Okta lifecycle management and Google GSuite.
I would also love to have this, as it makes it a snap to move/add/change users, gives me one source of authority for user properties, and doesn't require separate AD agent for every cloud application, each with their own sync schedule.KnowBe4 developers, check out https://developer.okta.com/docs/concepts/scim/faqs/ for details on integrating with Okta's implementation of the SCIM protocol
-
I'm looking to do the same and I don't believe that Lauren's answer is correct. Sure you support OKTA as a SSO provider but as far as I can see you don't support OKTA as a authentication provider. So if you have the phishing only platform and don't want to/can't set up login users, but DO want to sync your list of users, you can't do this. As Jon says this is a PITA. Please add OKTA LDAP Sync or similar.
-
Is this feature request gaining additional traction since the original request back in 2017? Manually Provisioning user details for anyone not using Azure AD is a huge waste of time. SCIM w/ IDP's such as Okta is long overdue. I am sure I can speak for quite a few existing customers that currently use Okta (or other IDP's capable of SCIM) for SSO into KnowBe4 would rather see Provisioning/DeProvisioning addressed and figured out rather than new bells and whistles of additional insights, etc. KnowBe4 is already a great product, but this component is greatly lacking. Been waiting on this since 2019 and no end in sight. It's definitely frustration at this point. Thank you in advance for making this a huge priority!
-
Hello Andrew, Thank you for adding your voice to this request.
That's how our Dev team knows what features are being requested.I've submitted a request for you on this item and made sure that I added your references to the request so our development team has those.
Thank you for contributing to the community board we always appreciate the input.
-
Hi Jason,
I might be able to some clarification, We do offer Authentication to our console via SSO. As in your users can use it to log in from the OKTA portal, but we do not have full user provisioning with Okta. We can modify the console so that a user's profile is created when they attempt to log in by following the directions here.
Although you are correct in that someone using a phishing only platform would not be able to utilize user import in that manner. The other means of user provisioning are ADI sync,
So I'll go ahead and create an additional feature request on this item for you for full SAML provisioning and get that over to our development department. They take these items seriously and love hearing from our customers on what we can implement to improve the process.
Thank you again for contributing! We always appreciate the feedback. -
Thanks for your reply Douglas.
Okta also has a feature called Event Hook, which can post user data onto an application, in order to feed application's user repository.
Okta sends a post each time a user is created, Application has to expose an endpoint able to read those post, in JSON format.
Does KB4 has such feature (endpoint) ?
-
There is an LDAP sync agent or the AD Sync agent that works over LDAP which is hard coded to some very AD specific parameters and won't work with other LDAP systems? I spent a lot of time at the start of the year trying to use the AD LDAP agent with Okta and Foxpass LDAP and I could get it to read and discover the users, but it wouldn't sync as it was looking for AD specific parameters which caused the process to fail. I provided all of the information to our account rep when I did the testing.
-
Hey David,
That is pretty much correct. We use a designated AD sync tool to connect to active directory and provision users. The tool packages the data into a .JSON file and sends it via API to the console. We have had customers successfully initiate that sync utilizing their own platforms that have the capacity to generate those .JSON files and send successfully.
This method is not currently supported by KnowBe4 at this time though.
Vă rugăm să vă autentificați pentru a lăsa un comentariu.
Comentarii
54 comentarii