In some scenarios, you want to guarantee the authentication of users before viewing Knowi content. Single sign-on enables the users signed into your application to view a protected-private Knowi resource without the need of signing in once again on Knowi. Afterward, a new browser session and cookie will be issued to the browser.
User identity, permissions, access level, and attributes are all constructed within the browser session of the single sign-on user, which is created using a unique customer token. Anyone with access to the customer token may create an SSO user to which that Knowi instance is connected to, as any user, with any permission. See our example code to learn how to generate an SSO flow.
Generating Knowi Customer Token:
In order to create and manage SSO users, you'll first need a Knowi SSO Customer Token.
Step 1: On the left-hand side menu, click User Settings. Select the Account Settings tab.
Step 2: From the Customer Settings section, select “Generate” in the SSO Token field .
Protect the Knowi SSO Token as you would any credentials to your Knowi instance and keep SSO Token section disabled if you’re not using it.
Note: Contact support@knowi.com if the SSO TOKEN option is not available in your Knowi Customer Settings section.
Getting Started:
Embedding with SSO requires some code writing to seamlessly integrate into your web application. You can find several example scripts on our SSO examples GitHub repository.
The following simplifies the information needed to embed with SSO.
1. User Token: Create an SSO user within your account using your Knowi SSO Customer Token
curl -i -X POST -d "user=email@domain.com&ssoCustomerToken=<SSO_TOKEN>" https://www.knowi.com/sso/user/create
Additional parameters can passed when generating a creating an SSO user token, such as assignment to groups, roles/permission, user filters. See the API reference for usage.
2. Session Token: Create a new session token using the returned token from step 1
curl -i -X POST -d "user=email@domain.com&userToken=<USER_TOKEN>" https://knowi.com/sso/session/create
3. Embed: Write a Javascript file with the session token returned from step 2
function loadKnowiUser() {
Knowi.render('#knowi-div', {
type: "single",
token: "BYhXXCeu0Ego8zA1FqtLOOM4BDWot5AYBLI7PWrQTbsie",
url: "https://www.knowi.com/",
view: {
title: true,
header: true
}
}, function () {
});
}
Note: Alternatively, you can log in directly on a browser or iFrame the URL using the session token returned from step 2
https://www.knowi.com/sso/user/login?token=<SESSION_TOKEN>