Knowi uses single sign-on (SSO) for Enterprise users to simplify the sign-in process and allow access to Knowi using several authentication sources, including Okta. Your Workspace must be subscribed to the Enterprise plan if you wish to set up SSO.
If you're the Admin of your company's Enterprise account, you can configure SSO using the following steps:
- Go to your SAML tab by clicking on Settings in the left navigation bar then User settings. Click on SAML then Add. Keep this tab open, as you'll be returning to your Knowi Workspace later.
- Open up your Okta admin portal and set up a new application using the Applications tab. Select SAML 2.0 as your sign-on method. Configure your new integration by naming it Knowi and adding a logo if you want.
- You'll now see Knowi's SAML Settings. Start with the General section below. You'll need to grab some information from Knowi and input it into Okta:
• Paste the SSO URL from Knowi into the Single sign on URL field on Okta.
• Paste the Audience URI from Knowi into the Audience URI (SP Entity ID) field on Okta.
• For Name ID format, choose Unspecified.
• For Application username, choose Okta username.
- Scroll down to Attribute Statements in Okta. You'll need to map your fields:
• For userId, map to the value within your organization's Okta setup.
• For userEmail, map to the value within your organization in Okta. Note: It's important to follow the same capitalization format in your organization when you add this name.
• For userLogin, map to your organization's Okta value as well. Capitalization matters here, too.
Knowi doesn't yet support group attribute statements, so you can leave that portion blank.
- Hit next and fill out the final Okta form according to your own preferences. This won't impact anything in your Knowi Workspace.
- Your application is ready! You'll now need to take some information from Okta and bring it back to your Knowi portal. Start by clicking View Setup Instructions in your Sign-on Methods settings.
• Paste your IdP SSO URL under Identity Provider Single Sign-ON URL in your Knowi SAML settings where it says IdP URL.
• Paste your IdP Issuer under Identity Provider Issuer in your Knowi SAML settings where it says IdP Issuer.
• Copy and paste your X.509 Certificate from your setup instructions in Okta to your Knowi SAML settings.
- You can Test configuration and Save the Knowi SAML settings.