
SAML with OKTA

SAML is a complicated topic, with many variables, so please take the time to read through the documentation and check that all the settings are correct.

The following example assumes your Knocknoc instance is located at https://demo.knoc.cloud. Wherever you see that, please substitute it for your own instance URL.

Setting Up the IdP

First we need to create a new Application in Okta:

  1. Click Create App Integration
  2. Select SAML 2.0
  3. Set an App name (e.g. Knocknoc)
  4. Optional: Upload a logo.
  5. Click Next.
  6. Enter the Single sign-on URL (e.g. https://demo.knoc.cloud/api/saml/acs)
  7. Leave Use this for Recipient URL and Destination URL ticked.
  8. Enter the Audience URL (SP Entity ID) (e.g. https://demo.knoc.cloud/api/saml/metadata)
  9. Leave Default Relay State blank
  10. Set Name ID Format as Persistent
  11. Set Application username as Okta Username
  12. Click Show advanced settings
  13. Upload your own certificate. One can be created on your own PC or a Linux machine using the following command:

    openssl req -new -x509 -days 3650 -nodes -subj /CN=Knocknoc/ -out user-demo-knoc-cloud.crt -keyout user-demo-knoc-cloud.key

  14. Leave the other options at their defaults
  15. Add an Attribute statement with the following settings

    [image.png: attribute statement settings]

SAML Signing Certificates

In SAML signing certificates:

  1. Delete the original certificate (it is likely SHA1, where the newly generated one is SHA2).
  2. View the IdP metadata and save it as an XML file.

Assignments

  1. Assign the Application to your users.
  2. Enable the option to send Groups, to allow the users to be automatically assigned to the correct ACLs.

Knocknoc SAML Config

  1. Log in to the Knocknoc admin interface.
  2. Click on Settings on the left.
  3. Under Public URL enter your Knocknoc instance URL. Note: do not add a / at the end of the URL.
  4. For the SAMLMetaDataFile, upload the XML file you saved from the IdP metadata step above.
  5. For the SAMLCertFile, upload the certificate (.crt) file you created during the SAML configuration.
  6. For the SAMLKeyFile, upload the key (.key) file you created during the SAML configuration.
  7. For the SAMLMetadataUrl, paste the Metadata URL from Metadata Details in the Okta control panel.
  8. Click Save.

You also need to assign the Application to your users, and make sure you send Groups, so the Groups can map to Knocknoc groups and have ACLs assigned to them.
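As an added example (not part of the Knocknoc documentation), a Python check to run before clicking Save: it parses the IdP metadata XML saved from Okta, confirms exactly one signing certificate remains after the old SHA1 one was deleted, and checks that the Knocknoc Public URL agrees with the Single sign-on URL, Audience URL and Name ID Format entered in the Okta app. The metadata sample, its entityID, URLs and certificate body are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed sample of an Okta IdP metadata file (placeholder entityID, URL and cert).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://www.okta.com/exkEXAMPLE">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIC...constructed...</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/app/exkEXAMPLE/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def check_idp_metadata(xml_text):
    """Return a list of problems with the downloaded IdP metadata (empty list = OK)."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return ["no IDPSSODescriptor: this is not IdP metadata"]
    problems = []
    # After deleting the old SHA1 certificate in Okta, exactly one signing key should remain.
    signing = idp.findall("md:KeyDescriptor[@use='signing']", NS)
    if len(signing) != 1:
        problems.append("expected exactly one signing certificate, found %d" % len(signing))
    bindings = {s.get("Binding") for s in idp.findall("md:SingleSignOnService", NS)}
    if HTTP_POST not in bindings:
        problems.append("no HTTP-POST SingleSignOnService endpoint")
    return problems

def check_sp_settings(public_url, sso_url, audience, name_id_format):
    """Check the Knocknoc Public URL against the values entered in the Okta app."""
    problems = []
    if public_url.endswith("/"):
        problems.append("Public URL must not end with /")
    base = public_url.rstrip("/")
    if sso_url != base + "/api/saml/acs":
        problems.append("Single sign-on URL should be %s/api/saml/acs" % base)
    if audience != base + "/api/saml/metadata":
        problems.append("Audience URL (SP Entity ID) should be %s/api/saml/metadata" % base)
    if name_id_format != PERSISTENT:
        problems.append("Name ID Format should be Persistent")
    return problems
```

Run check_idp_metadata on the XML you saved from Okta and check_sp_settings on the values you typed into both consoles; an empty list from each means the settings are consistent.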