Skip to main content
Advanced Search
Search Terms
Content Type

Exact Matches
Tag Searches
Date Options
Updated after
Updated before
Created after
Created before

Search Results

25 total results found

Welcome

Overview

Welcome to the Knocknoc Documentation. This is a living document of current Knocknoc information and helpful guides. There is extensive documentation available, for admins and users alike. Please select from the following sections: User Guide - for end users...

LDAP

Admin Guide Authentication

Knocknoc can authenticate users to an LDAP server like Active Directory, by attempting to bind as that user with their password. This is useful when you have an on-premise LDAP server, and want to allow users to have a single password to manage. Knocknoc conf...

SAML

Admin Guide Authentication

SAML is an in-depth topic, however it represents the best option for securing users, and providing centralized user management. There are many SAML providers, and no single convention on configuration and implementation. Knocknoc is tried and tested with a few...

SAML Principles and Terms

Admin Guide Authentication

An overview of SAML principles and key terms to help you effectively configure and manage SAML with Knocknoc. What is SAML? SAML is an open standard for exchanging authentication data between parties, specifically between an identity provider and a service p...

SAML with Jumpcloud

Admin Guide Authentication

The following example assumes your Knocknoc instance is located at https://demo.knoc.cloud. Wherever you see that, please substitute it for your own instance URL. Setting Up the IdP Creating An Application Login to your JumpCloud tenant as an administra...

SAML with EntraID (Azure AD)

Admin Guide Authentication

The following example assumes your Knocknoc instance is located at https://demo.knoc.cloud. Wherever you see that, please substitute it for your own instance URL. Setting Up the IdP Create an Application Navigate to the Microsoft Entra admin center and lo...

SAML with OKTA

Admin Guide Authentication

The following example assumes your Knocknoc instance is located at https://demo.knoc.cloud. Wherever you see that, please substitute it for your own instance URL. Setting Up the IdP Create an Application Click Create App Integration Select SAML 2.0 Set ...

Local Authentication

Admin Guide Authentication

Knocknoc supports local users, and many will find that the fastest way to evaluate if Knocknoc is right for them.Simply add a user, with a username and password. Then assign them to a group and map that group to an ACL. This is helpful for casual users, as yo...

Current Release Versions

Changelog and Roadmap

Current version of Knocknoc server is: 5.0.62, released on Mon, 12 Feb 2024 Current version of knocknoc-agent is: 1.0.28, released on Sat, 24 Feb 2024 

IPsets with UFW

Admin Guide Backends

This is an example that lets you use UFW (https://wiki.ubuntu.com/UncomplicatedFirewall) and IPsets to dynamically whitelist IPs for a common host-based firewall.  First you need a systemd script that creates an ipset on startup and then have a script that in...

Licensing Knocknoc

Admin Guide Setup Guides

Knocknoc licensing and pricing can be found on the Knocknoc website. Once you have obtained your license and have either completed the self-hosted install or received the login details for your cloud hosted instance: Copy your license key from the Knocknoc...

Mikrotik RouterOS

Admin Guide Backends

The scripting backend can be used for MikroTik RouterOS config updates as well. Here is a sample script you can use as a backend: #!/bin/bash # MikroTik SSH Update Script # Configuration MIKROTIK_USER="admin" MIKROTIK_HOST="192.168.88.1" # Replace with...

Create Groups

Admin Guide Setup Guides

Groups in Knocknoc map users to ACLs and a user can be assigned to multiple groups, to create a group in Knocknoc; Browse to the Knocknoc admin interface. Click on Groups on the left. Click Create Group on the right. Enter the name of the Group, matchi...

ACL Basics

Admin Guide ACLS

An ACL in Knocknoc is an important mapping between a Backend and ACL name, which is an argument passed into the Backend method. For example, if you have a Backend that is a script that updates an AWS security group, you can put the security group ID as the ...

Admins

Admin Guide Setup Guides

Admins in Knocknoc can login to /admin on their Knocknoc server, however they can't be granted ACLs. This separates out regular logins from admin logins, and allowed for best practice. You can create an Admin using this dialog box if required. SAML is the p...

Settings

Admin Guide Setup Guides

The Settings in Knocknoc allows you to configure some of the basic setup like authentication sources in web interface. The License is where you can cut and paste your license key from the Licensing Portal. Clicking save activates the server immediately (req...

Time for NTP

Admin Guide Troubleshooting

NTP It's important that ALL the servers within the Knocknoc cluster and agents are synchronised and set to the correct time.  We recommend using chrony on a Linux VM to keep the time, but any NTP implementation would work. Time is an important aspect of auth...

LDAP Troubleshooting tips

Admin Guide Troubleshooting

The Knocknoc server will need to be able to contact your LDAP server on port 389 or 636. This is determined by the LDAP URL in the Settings: ldap://myldap.domain.com - this format says port 389 ldaps://myldap.domain.com - this format is port 636 Please make...

Knocknoc server behind HAProxy

Admin Guide Troubleshooting

Running Knocknoc behind HAProxy could be a great option for people with existing HAProxy deployments, or who want to unify certificate and other management tasks. Here is a sample HAProxy config for Knocknoc as a backend: frontend Sol1-Frontend bind 0.0.0...

IPsets with Shorewall

Admin Guide Backends

This is an example that lets you use Shorewall https://shorewall.org/index.html and IPsets to dynamically whitelist IPs. You can achieve great power with these simple steps: A systemd service script that creates and loads the ipset at startup. Allows the ...