Search Results

Gsuite can be setup as an Identity Provider if you have Gsuite Business Startter or above plan. The basis of this guide is the official docs here: https://support.google.com/a/answer/6087519?hl=en which should be referred to in case any thing changes from the...

The  FortiOS integration allows Knocknoc to dynamically add and remove user's source IP from a named address group. This address group can then be used in whatever Firewall rule you like, opening up many possibilities for securing access to systems behind Fort...

Overview This integration is designed to manage named locations in Microsoft Azure Conditional Access policies via the Microsoft Graph API. It allows users to add, delete, or flush named locations related to specific IP addresses. This system can also be used...

Azure Portal or specific Azure services can be further protected through the use of the Knocknoc Entra back end. This helps prevent or reduce ransomware and common Business Email Compromise (BEC) attacks and data theft/exfiltration through isolating user logi...

Ivanti Connect Secure devices that have an outer firewall or control layer can be protected from unauthorised threat actors by implementing Knocknoc and firewall orchestration This prevents direct Internet access to the Ivanti Connect Secure devices prior to ...

Protect your existing Fortigate or Palo investments from direct internet exposure by introducing Knocknoc. Remote management and administration interfaces, VPN services/ports or any service offered can be protected, requiring a centralised login prior to pres...

The Allowlist backend makes a list of active IP address grants available via the Knocknoc server API. This allows integration with appliances or clients that can be configured to poll a URL without the need for a Knocknoc agent to be deployed. This is sometime...

The following example assumes your Knocknoc instance is located at https://your-knocknoc.cloud/. Wherever you see that, please substitute it for your own instance URL. Knocknoc SAML config Login In the Knocknoc admin interface (eg: https://your-knocknoc....

Keycloak supports multiple authentication realms, so you must first select the appropriate realm for your organisation. Do not make any of the below changes in the Keycloak/master realm. In this example our realm is called "Acme" and Keycloak is hosted at htt...

Announcing Knocknoc 7.0  🚀 We’re excited to introduce Knocknoc 7.0, a landmark release packed with features to enhance security, usability, and performance. Here's what's new: Enhanced Security •    'Require Click' for User Access Grants: Access controls ca...

CyberArk integrates with Knocknoc via the "Web Apps" component, passing through SAML assertions.   Knocknoc SAML config Log in to the Knocknoc Admin interface On the Settings page configure the PublicURL (eg: https://knocknoc.yourserver.com) Create and ...

Knocknoc enables you to remove the attack surface of systems, by enacting just-in-time network/application-based allow-listing. It can operate in a number of ways - from orchestrating network access controls (eg: adding to firewall rules - whilst presenting n...

Background Knocknoc's Allowlist features provides a very powerful integration with firewalls that support a Dynamic Address Lists.  This feature pulls from the Knocknoc server a list of IPs of authenticated users, in the correct group/for the assigned firewal...

The Knocker utility is a command-line tool for managing various backends with ease. It provides commands for enabling, disabling, installing, uninstalling, and performing health checks for supported backends. Usage /opt/knocknoc-agent/knocker/knocker <comman...

Capturing additional client IP addresses A client may exhibit behaviour where multiple IP addresses are observed as part of the authentication request. Situations such as: Internal IP addresses (eg: 10.0.x.x / RFC1918), should the Server (or MYIP component...

In this example our Authentik instance is hosted at https://auth.example.com/ and is running version 2024.12.2 Our Knocknoc instance is a cloud instance with URL https://authentiktest.knoc.cloud. If you are using a cloud server, replace with your own URL, or ...

Passive, Active or a combination Passive - Knocknoc's Allowlist features provides a very powerful integration with firewalls that support a External Dynamic Lists or EDLs.  This feature pulls from the Knocknoc server a list of IPs of authenticated users, in t...

Below is a concise guide for a sysadmin (or developer) to set up and configure AWS WAF with a custom HTML 403 response and integrate it with your update-aws-waf-ipset.sh script (which follows the argument order <ACTION> <ACL_NAME_OR_ID> <IP_ADDRESS>). This gui...

Knocknoc keeps a track of the IPs and tries to be kind to users that share IPs. This means that if two users are coming from the same IP, revoking a session for the first user will keep the ACL in place. This is the meaning of: Last One Out Turn Off The Lights...

Logging is important - we love logging. Because of this, we have included an easy to find, follow and parse log output that provides an additional layer of visibility across your Knocknoc user activity, including logins, access grants, manual interactions, as...