Skip to main content

SAML

SAML is a complicated topic, however it represents the best option for securing users, and providing a centralised user management platform. There are many SAML providers, and unfortunately they all seem to have different terms for the many configuration options available. Knocknoc is tried and tested with a few of them, and no doubt the configuration can be adapted to work with any standard SAML2 implementation.

SAML is the preferred authentication provider with Knocknoc, as user secrets never pass through the server, and management of the users and groups to ACLs is very simple. 

Knocknoc SAML Notes

Knocknoc can have 2 separate IDPs for the user login and the /admin login. This lets MSPs or security teams be able to manage the users, without having ACLs granted.

You can also simply use the same IDP for users and admins, add only assign the SAML admin application to admins.

Groups in SAML

Your groups in SAML need to be matched to the groups in Knocknoc, as the IDP sends them on login, and Knocknoc needs to match them to see what ACLs to grant the user. You simply create a group in Knocknoc that matches the name of the SAML IDP group - eg "AWSDevs" and then assign the ACLs you want  that group to have. Members of the group will get the ACL on signin, as the IDP sends which groups the user is a member of.

 

 

Back to top