
SAML

SAML is an in-depth topic, but it represents the best option for securing users and providing centralized user management. There are many SAML providers and no single convention on configuration and implementation. Knocknoc is tried and tested with a few of them, and its configuration is customizable enough to be adapted to any standard SAML 2.0 implementation.

SAML is the preferred authentication provider for Knocknoc. If you are unfamiliar with SAML, what follows is an overview of the general principles and terms.

SAML and Knocknoc

Knocknoc can support two IdPs: one for user logins and one for the admin interface login. This lets MSPs or security teams manage users without being granted ACLs to the services being protected.

In single-IdP environments Knocknoc supports users and admins from a single authentication source. Admin access can be authorized using groups or other keys within the IdP response.

Groups in SAML

To use group assignment via SAML, the group names supplied by the IdP must match the group names configured in Knocknoc, and the IdP must be configured to send the group attribute on login.

Implementing SAML in Knocknoc

When configuring SAML in Knocknoc:

  1. Identify the IdP and SP: Knocknoc is the SP, and your identity provider is the IdP (e.g. Okta, Entra ID, JumpCloud).
  2. Configure Assertions: Customize the assertions to include the necessary user information; this can include group information and/or static assertions.
  3. Select Bindings and Profiles: Choose the appropriate bindings and profiles for your use case.
  4. Test the SAML Flow: Ensure that the authentication flow works as expected and is secure; SAML responses can be inspected using tools like SAML trace.
  5. Monitor and Update: Regularly monitor the SAML setup and update it as necessary, taking into account any new security patches or compliance requirements.
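The following is an added example, not part of the Knocknoc documentation or product code, showing the two checks a practitioner does when testing the SAML flow (step 4) and when wiring up group assignment (the Groups in SAML section above): it decodes a captured SAMLResponse the way a SAML trace tool presents it, reviews issuer, audience, validity window and signature presence, and then compares the IdP's group attribute values against the groups configured in Knocknoc with an exact, case-sensitive match. The IdP and SP entity IDs, the `groups` attribute name and the group names are constructed placeholders, and the response itself is a constructed sample, not output from any real IdP.

```python
import base64
from datetime import datetime
import xml.etree.ElementTree as ET

# XML namespaces used by SAML 2.0 responses and XML-DSig.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Hypothetical entity IDs: what this SP expects to see in Issuer and Audience.
EXPECTED_ISSUER = "https://idp.example/metadata"
EXPECTED_AUDIENCE = "https://knocknoc.example/saml/metadata"

# Constructed sample response (hypothetical IdP, SP and group names); this is
# the decoded form of the SAMLResponse form field a SAML trace tool displays.
SAMPLE_RESPONSE_XML = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_resp1" Version="2.0" IssueInstant="2024-05-01T10:00:00Z">
  <saml:Issuer>https://idp.example/metadata</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T10:00:00Z">
    <saml:Issuer>https://idp.example/metadata</saml:Issuer>
    <ds:Signature><ds:SignedInfo/><ds:SignatureValue>c2lnbmF0dXJl</ds:SignatureValue></ds:Signature>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T09:59:00Z" NotOnOrAfter="2024-05-01T10:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://knocknoc.example/saml/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="groups">
        <saml:AttributeValue>VPN-Users</saml:AttributeValue>
        <saml:AttributeValue>Knocknoc-Admins</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="department">
        <saml:AttributeValue>Engineering</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()


def decode_saml_response(b64_field: str) -> ET.Element:
    """Base64-decode the SAMLResponse form field and parse it as XML."""
    return ET.fromstring(base64.b64decode(b64_field))


def parse_saml_time(value: str) -> datetime:
    """SAML timestamps are UTC ISO-8601 with a trailing Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def extract_attributes(root: ET.Element) -> dict:
    """Map each Attribute Name to the list of its AttributeValue strings."""
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        values = attr.findall("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = [(v.text or "").strip() for v in values]
    return attrs


def check_response(root, expected_issuer, expected_audience, now) -> list:
    """Return a list of findings; an empty list means every check passed.

    Only signature *presence* is checked: validating the XML-DSig needs an
    XML signature library and the IdP certificate, which a trace review lacks.
    """
    findings = []
    issuer = root.findtext("saml:Assertion/saml:Issuer", namespaces=NS)
    if issuer != expected_issuer:
        findings.append(f"unexpected Issuer {issuer!r}")
    if root.find(".//saml:Assertion/ds:Signature", NS) is None:
        findings.append("assertion is not signed")
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        findings.append(f"Audience {audiences!r} does not include the SP entity ID")
    cond = root.find(".//saml:Conditions", NS)
    if cond is None:
        findings.append("no Conditions element (no validity window)")
    else:
        if now < parse_saml_time(cond.get("NotBefore")):
            findings.append("assertion not yet valid (NotBefore)")
        if now >= parse_saml_time(cond.get("NotOnOrAfter")):
            findings.append("assertion expired (NotOnOrAfter)")
    return findings


def match_groups(idp_groups, configured_groups):
    """Split IdP group names into those that exactly match a configured
    Knocknoc group and those that do not; the match is case-sensitive."""
    matched = [g for g in idp_groups if g in configured_groups]
    unmatched = [g for g in idp_groups if g not in configured_groups]
    return matched, unmatched


if __name__ == "__main__":
    root = decode_saml_response(SAMPLE_RESPONSE_B64)
    now = parse_saml_time("2024-05-01T10:01:00Z")  # inside the validity window
    for finding in check_response(root, EXPECTED_ISSUER, EXPECTED_AUDIENCE, now):
        print("FINDING:", finding)
    attrs = extract_attributes(root)
    # Hypothetical configured groups: "vpn-users" differs in case from the IdP's
    # "VPN-Users", so that group is reported as unmatched and grants nothing.
    matched, unmatched = match_groups(attrs.get("groups", []), {"vpn-users", "Knocknoc-Admins"})
    print("user:", root.findtext(".//saml:NameID", namespaces=NS))
    print("matched groups:", matched, "unmatched:", unmatched)
```

Run it as-is to see the case-mismatch case; to review a real trace, paste the SAMLResponse form field into `decode_saml_response` and set `EXPECTED_ISSUER` and `EXPECTED_AUDIENCE` to the IdP and SP entity IDs from your metadata. An unmatched group in the output is the usual cause of "logged in but no access", and an `Audience` finding usually means the IdP application was pointed at the wrong SP entity ID.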