SAML with CyberArk
CyberArk integrates with Knocknoc via the "Web Apps" component, passing through SAML assertions.
Knocknoc SAML config
- Log in to the Knocknoc Admin interface
- On the Settings page configure the PublicURL (e.g. https://knocknoc.yourserver.com)
- Create and upload a key/cert (see below)
- Save these settings; this enables the SAML metadata file for consumption by CyberArk.
- In another tab, open the CyberArk configuration and follow the steps below. You need to return to this Knocknoc Admin tab for the final step, providing the CyberArk SSO URL back to Knocknoc.
CyberArk configuration
- Create a Web App and establish the base settings.
- Create the SSO link and copy the URL. Log back in to Knocknoc in the other tab, paste this URL into the "samlMetadataUrl" setting, and click Save in Knocknoc.
- Under "Service Provider Configuration" enter the SAML metadata URL in the location field and select Load. The URL will be https://knocknoc.yourserver.com/api/saml/metadata
- Save
Help guide for self-hosted: https://docs.cyberark.com/pam-self-hosted/latest/en/content/pas%20inst/saml-authentication.htm
To create a key/cert pair for uploading into the Knocknoc portal or connected IdP, follow the steps below:
- Generate a new self-signed certificate and key; on a Linux host this can be done with the following command.
openssl req -new -x509 -days 3650 -nodes -subj /CN=Knocknoc/ -out user-demo-knoc-cloud.crt -keyout user-demo-knoc-cloud.key
- If required, convert the certificate and key into a PKCS#12 (.pfx) bundle using the following command.
openssl pkcs12 -export -out user-demo-knoc-cloud.pfx -inkey user-demo-knoc-cloud.key -in user-demo-knoc-cloud.crt
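As an added example (not Knocknoc's or CyberArk's own code), a post-configuration check in Python: it parses the SP metadata Knocknoc publishes at the URL above and confirms that the signing certificate in it matches the uploaded .crt and that the AssertionConsumerService location sits under the configured PublicURL. The metadata body, the /api/saml/acs path and the certificate bytes are constructed placeholders for an offline run, not real Knocknoc output.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def cert_fingerprint(cert_text: str) -> str:
    """SHA-256 fingerprint of a certificate given as PEM or as the bare base64 body
    found in <ds:X509Certificate>; both encode the same DER bytes, so they compare directly."""
    body = "".join(line.strip() for line in cert_text.splitlines()
                   if line.strip() and not line.startswith("-----"))
    digest = hashlib.sha256(base64.b64decode(body)).digest()
    return ":".join(f"{b:02X}" for b in digest)

def check_sp_metadata(metadata_xml: str, public_url: str, uploaded_cert_pem: str) -> dict:
    """Compare the published SP metadata with the Admin settings: the uploaded signing cert
    must appear in it, and every ACS Location must sit under PublicURL (otherwise the IdP
    posts the assertion to the wrong host)."""
    root = ET.fromstring(metadata_xml)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    # A KeyDescriptor without a 'use' attribute is valid for both signing and encryption
    published = [cert_fingerprint(x.text)
                 for kd in sp.findall("md:KeyDescriptor", NS)
                 if kd.get("use") in (None, "signing")
                 for x in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    acs = [a.get("Location") or "" for a in sp.findall("md:AssertionConsumerService", NS)]
    base = public_url.rstrip("/") + "/"
    return {
        "entity_id": root.get("entityID"),
        "acs_locations": acs,
        "acs_under_public_url": bool(acs) and all(u.startswith(base) for u in acs),
        "signing_cert_matches": cert_fingerprint(uploaded_cert_pem) in published,
    }

# Constructed sample data: the "certificate" is NOT a real X.509 structure, only
# placeholder bytes standing in for DER so the comparison can be exercised offline.
FAKE_B64 = base64.b64encode(b"constructed: not a real certificate").decode()
UPLOADED_CRT = f"-----BEGIN CERTIFICATE-----\n{FAKE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://knocknoc.yourserver.com/api/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{FAKE_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://knocknoc.yourserver.com/api/saml/acs" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(check_sp_metadata(SAMPLE_METADATA, "https://knocknoc.yourserver.com", UPLOADED_CRT))
```

Against a live deployment, fetch the metadata URL over HTTPS and pass the response body and the contents of the uploaded .crt to check_sp_metadata.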