SAML with OKTA

The following example assumes your Knocknoc instance is located at https://demo.knoc.cloud. Wherever you see that, please substitute it for your own instance URL.

Setting Up the IdP

Create an Application

1. Click Create App Integration
2. Select SAML 2.0
3. Set an App name. (e.g Knocknoc)
4. Optional: Upload a logo.
5. Click Next.
6. Click OK
7. Enter the Single sign-on URL (e.g https://demo.knoc.cloud/api/saml/acs)
8. Leave Use this for Recipient URL and Destination URL ticked.
9. Enter the Audience URL (SP Entity ID URL e.g https://demo.knoc.cloud/api/saml/metadata)
10. Leave Default Relay State blank
11. Set Name ID Format as Persistent
12. Set Application user as Okta Username
13. Click Show advanced settings
14. Upload your own certificate, one can be created on a Linux machine using the following command.
    openssl req -new -x509 -days 3650 -nodes -subj /CN=Knocknoc/ -out user-demo-knoc-cloud.crt -keyout user-demo-knoc-cloud.key
    
15. Leave other options default
16. Add an Attribute statement with the following settings

SAML Signing Certificates

1. Delete the original certificate, it is likely SHA1 where the newly generated one is SHA2
2. View the IDP metadata and save it as an XML file.

Assignments

1. Assign the Application to your users.
2. Enable the option to send Groups, to allow the users to be automatically assigned to the correct ACLs.

Knocknoc SAML Config

1. Login In the Knocknoc admin interface.
2. Click on Settings on the left.
   
3. Under Public URL enter you knocknoc url. Note: do not add a / at the end of the URL.
4. For the SAMLMetaDataFile, upload the xml file you downloaded from OKTA.
5. For the SAMLCertFile, upload the certificate (.crt) file you created in during the SAML Configuration.
6. For the SAMLKeyFile, upload the key (.key) file you created in during the SAML Configuration.
7. For the SAMLMetadataUrl, paste the Metadata Details, Metadata URL from the Okta control panel.
   
8. Click Save.