Skip to main content

Redirecting Users

Knocknoc supports a couple of ways to redirect users to and from Knocknoc, which can be useful for when you want users to get where they're trying to go ASAP.

Redirecting to a Referrer URL

This is the most basic way to redirect users to a custom URL from the Knocknoc Dashboard. To achieve this, simply add the referrer query parameter to the link used to access Knocknoc, for example: 
https://my.example.knocknoc.com?referrer=https://my.website.com

Note: The referrer link will only be redirected to if the user has a Knoc with a URL matching the same base as the referrer.

This can be useful as a static redirect, or it can also be dynamic, depending on your firewall configuration.

Always redirect to SAML login (per Knoc)

This is a per-Knoc option in the Knoc Options section. When a visitor reaches this Knoc's URL before logging in (for example via a referrer redirect), Knocknoc sends them straight to the SAML login instead of showing the local login page. It only applies when SAML is configured. Unlike Disable local user login, which is site-wide, this targets only the Knocs you enable it on, so you can force SSO for specific protected apps while leaving local login available elsewhere.

Always redirect to SAML login option in Knoc Options

Security consideration: Enabling this makes the Knoc's SSO enforcement probeable before authentication: an unauthenticated visitor can confirm whether a given URL matches a redirect-to-SAML Knoc, because a matching URL triggers the SAML redirect. This applies to every such Knoc, including ones set to Do not display to user. If you need to avoid this per-URL signal, use the site-wide Disable local user login option instead, which redirects every login to SAML regardless of URL.

Auto-Browse for a Single Knoc

The auto-browse option available within the Knoc configuration, automatically forwards the user after successful login, to the Knoc should it be the only Knoc they have available to them.

This can streamline the users' login experience, and depending on the protocol (e.g., https or sftp, SAP, etc) their workstation can automatically launch the required software if this sits outside the web browser.

Auto-browse users with only this Knoc option

Also note that if this is the user's only available Knoc, the card will not be visible prior to the auto-browse redirect.

Disable local user login

This option disables local user logins, meaning that users will only be able to log in with SAML. A benefit of this is that because only SAML logins are now enabled, when a user navigates to (or is redirected to) the Knocknoc log in page they will be automatically redirected into the SAML process.

Screenshot 2026-06-03 at 19.42.49.png

When combining this option with the above mentioned Javascript on your redirect page, it is possible to have an instant redirection from a resource protected by Knocknoc through to a logged in Knocknoc instance, so the user can quickly get access without overhead.

Instant redirects

There is a per-Knoc setting available when creating a Knoc or editing one in the Knoc Options section which will perform redirects instantly, instead of showing a countdown box before the redirect. This option will make redirections from the Auto-browse feature and Referrer URLs instant.

Instant redirects (no countdown) option in the Knoc Additional options

If this option is combined with the "Disable local user login" option, it is possible to have Knocknoc grant access to a protected resource for a user without them even seeing Knocknoc in the first place. To this, these steps are required:

  1. Protect the resource using Knocknoc, and include the above mentioned javascript in the access denied page
  2. Ensure local user logins are disabled, so the user is instantly directed through to their IDP SAML login
  3. Ensure instant redirects are enabled, and that there is a Knoc with a URL matching the base of the referrer URL included at step 1

If the firewall Knocknoc is integrating with is quick, access to the protected resource will be near instant, otherwise it way take up to a few seconds.

Javascript redirect

Useful for reverse proxies or websites, this Javascript can be used on your redirect page, then once the user is authenticated with Knocknoc they will be sent back to the page they were trying to access including the path.

<script>
        const baseUrl = 'knocknoc.mycompany.com';
        setTimeout(() => {
                const currentUrl = document.URL;
                if (!currentUrl || !baseUrl) return;
                try {
                        // Add https:// if the URL doesn't already have a scheme
                        let normalizedBase = baseUrl.trim();
                        if (!/^https?:\/\//i.test(normalizedBase)) {
                                normalizedBase = 'https://' + normalizedBase;
                        }
                        const redirectUrl = normalizedBase + '?referrer=' + encodeURIComponent(currentUrl);
                        const url = new URL(redirectUrl);
                        window.location.href = url.toString();
                } catch (err) {
                        console.error('Invalid redirect URL:', err);
                }
        }, 3000);
</script>