Search Results

Knocknoc licensing and pricing can be found on the Knocknoc website. Once you have obtained your license and have either completed the self-hosted install or received the login details for your cloud hosted instance: Copy your license key from the Knocknoc Li...

Groups in Knocknoc map users to Knocs. Users can be assigned to multiple groups, to create a group in Knocknoc; Browse to the Knocknoc admin interface. Click on Groups on the left. Click Create Group on the right. Enter the name of the Group. If the Gr...

For additional security and temporal access control, Knocs support a "click to grant" and "click to revoke" option. This requires the user to click a button after logging in, prior to each grant being processed. This offers an additional layer of security and ...

Admins in Knocknoc can log in to /admin on their Knocknoc server, however they can't be granted ACLs. This separates out regular logins from admin logins, and allows for best practice. You can create an Admin using this dialog box if required. SAML is the pre...

Settings The Settings page lets administrators configure authentication, server options, threat intelligence, branding, and other system-wide preferences. Open it from the Admin portal sidebar. Some sections are hidden when running on Knocknoc Cloud.   License...

NTP It's important that ALL the servers within the Knocknoc cluster and agents are synchronized and set to the correct time.  We recommend using chrony on a Linux VM to keep the time, but any NTP implementation would work. Time is an important aspect of authen...

The Knocknoc server will need to be able to contact your LDAP server on port 389 or 636. This is determined by the LDAP URL in the Settings: ldap://myldap.domain.com - this format says port 389 ldaps://myldap.domain.com - this format is port 636 Please make...

Running Knocknoc behind HAProxy could be a great option for people with existing HAProxy deployments, or who want to unify certificate and other management tasks. Here is a sample HAProxy config for Knocknoc as a backend: frontend Sol1-Frontend bind 0.0.0...

Cloud SaaS or self-hosted server? You can run your Knocknoc server either as a managed cloud instance (we host it) or you can self-host it. Should I deploy a cloud or self-hosted instance of Knocknoc? The answer will depend on a few factors. For example, if yo...

This is an example that lets you use Shorewall https://shorewall.org/index.html and IPsets to dynamically allowlist IPs. You can achieve great power with these simple steps: Install the Knocknoc Agent on the Shorewall host and enroll it into the Knocknoc serv...

Checking to see if an ACL is present in HAProxy For when you aren't sure if the whole process is working, you can manually connect to the HAProxy socket and print out the contents. socat is the way forward here. Install it with your favorite package manager, a...

User creation varies depending on the authentication source in use. "SAML users" are created on-the-fly from your IdP into Knocknoc once SAML is established, "local" users will need to be created within the admin interface and LDAP users will need to be config...

SAML for the admin interface is the same as SAML for the user base with a few very small alterations. Follow the existing guides for EntraID, OKTA or JumpCloud etc, while keeping the below in mind. If the same IdP is in use for users and admins, a second Ap...

Knocknoc can drive an nginx server's allow/deny list directly from the agent, without a wrapper script. Users authenticated by Knocknoc are added to a per-ACL include file (e.g. /etc/nginx/acl/librenms.acl) that the agent rewrites atomically, then reloads ngin...

Apache 2.4 and above have slightly different ACL syntax, so this page covers how you can use Knocknoc to manage ACLs. The script for managing Apache ACLs as per this document was added to knocknoc-agent in version 1.0.31 Setup for your Apache webserver SSH to ...

G Suite can be set up as an Identity Provider if you have G Suite Business Starter or above plan. The basis of this guide is the official docs here: https://support.google.com/a/answer/6087519?hl=en which should be referred to in case anything changes from the...

Azure Portal or specific Azure services can be further protected through the use of the Knocknoc Entra back end. This helps prevent or reduce ransomware and common Business Email Compromise (BEC) attacks and data theft/exfiltration through isolating user login...

Ivanti Connect Secure devices that have an outer firewall or control layer can be protected from unauthorized threat actors by implementing Knocknoc and firewall orchestration. This prevents direct internet access to the Ivanti Connect Secure devices prior to ...