Getting Started

Licensing

Knocknoc licensing is based on the number of users. You will need to have a license to install the server, and a trial or monthly license can be obtained from the Knocknoc Licensing Portal. There is no limit on the amount of groups, backends, agents or ACLs configured. SAML support is also included out of the box!

Server Setup

You can run your Knocknoc server either as a managed cloud instance or self-hosted. Once it's up and running, you will be able to login to the admin panel and start configuration. Access to cloud instances is guided through the licensing portal and for self-hosted servers here is the self-hosted install guide. The self-hosted server assumes some systems administration knowledge, and generally the ability to have an inbound public IP for your users to access Knocknoc.

Agent Installation

The agents perform the backend work of updating ACLs, so you need at least one, even if it's on the same machine as Knocknoc server. You should install the agent in a location that can reach both the server (outbound https to the server) and the target backend.

Backends and ACLs

Backends and ACLs work hand-in-hand to provide a pathway for your fine-tuned group access. Here are the guides for currently supported backends. When a user authenticates to Knocknoc, grants are applied through ACLs to permit their access.

Groups and Authentication

While users can be created either locally or through SSO (Single Sign On) like SAML (recommended) or LDAP, groups are created locally in the admin portal. A group maps users to ACLs, providing fine-grained control over the resources they have access to.

Read more in the authentication guides and the group setup guide.

Test it out!

The first time you log in, take a look at how Knocknoc works and feels like magic. We can't wait for you to enjoy using Knocknoc every day.

Roll it out to your users

Once everything is ready, you'll need to communicate the steps for your users. To assist with this we are preparing some helpful onboarding resources designed to streamline this process as much as possible.

Monitor and Manage

Knocknoc can stream metrics using GELF, and can supply regular exports of user activity. It also has an audit trail function, so you can see exactly what resources which users had access to when. Security teams looking to track fine-grained access to network resources can export to CSV as required.

Consider Your Use Case

SSH

FortiOS, FortiProxy, Palo Alto, or SSL VPN

Ivanti Connect Secure

Remote Desktop

Web applications

Video

VOIP

AWS Infrastructure

Azure Portal

Licensing Knocknoc

Server Installation

Agent Installation

Knocker - a cli utility for agents

Create Users

Create Groups

Admins

Settings

Local Authentication (MFA included as an option)

SAML

SAML Principles and Terms

SAML with EntraID (Azure AD)

SAML with OKTA

SAML with Gsuite as IDP

SAML with Jumpcloud

SAML for the Admin Interface

SAML with Keycloak

SAML with CyberArk

SAML with Authentik

Knocknoc with ADFS

LDAP

IPSet (Linux Netfilter/IPTables)

Fortigate Address Groups (Fortinet)

Palo Alto

Juniper SRX with Allowlist

Allowlist

Microsoft Entra

HAProxy

IPsets with UFW

IPsets with Shorewall

Script Any Arbitrary Backend

AWS (EC2) Security Groups

AWS WAF Ipset

Mikrotik RouterOS

Nginx

Apache Webserver

ACLs

Additional client IP addresses

Time for NTP

LDAP Troubleshooting tips

Knocknoc server behind HAProxy

HAProxy tips and tricks

LOOTOTL - Last One Out Turn Off The Lights

Getting Started

Licensing

Server Setup

Agent Installation

Backends and ACLs

Groups and Authentication

Test it out!

Roll it out to your users

Monitor and Manage