Search Results

Knocknoc can authenticate users to an LDAP server like Active Directory, by attempting to bind as that user with their password. This is useful when you have an on-premises LDAP server, and want to allow users to have a single password to manage. Knocknoc conf...

SAML is an in-depth topic, however it represents the best option for securing users, and providing centralized user management. There are many SAML providers, and no single convention on configuration and implementation. Knocknoc is tried and tested with a few...

An overview of SAML principles and key terms to help you effectively configure and manage SAML with Knocknoc. What is SAML? SAML is an open standard for exchanging authentication data between parties, specifically between an identity provider and a service pro...

The following example assumes your Knocknoc instance is located at https://demo.knoc.cloud. Wherever you see that, please substitute it for your own instance URL. Setting Up the IdP Creating An Application Log in to your JumpCloud tenant as an administrator....

The following example assumes your Knocknoc instance is located at https://<hosting instance>.knoc.cloud. Wherever you see that, please substitute it for your own instance URL (e.g. https://demo.knoc.cloud, https://my-saas.knoc.cloud). Setting Up the IdP Crea...

The following example assumes your Knocknoc instance is located at https://demo.knoc.cloud. Wherever you see that, please substitute it for your own instance URL. Setting Up the IdP Create an Application Click Create App Integration Select SAML 2.0 Set an App...

Knocknoc supports local users in addition to SAML/LDAP. Simply add a user, with a username and password. Then assign them to a group or link them within a Knoc. This is helpful for casual users, as you can set an expiry. So for example if you have a web applic...

Current version of Knocknoc server is: 5.0.62, released on Mon, 12 Feb 2024 Current version of knocknoc-agent is: 1.0.28, released on Sat, 24 Feb 2024 

This is an example that lets you use UFW (https://wiki.ubuntu.com/UncomplicatedFirewall) and IPsets to dynamically allowlist IPs for a common host-based firewall.  This is achieved in only a few steps: Install the Knocknoc orchestration agent on the UFW host ...

Knocknoc licensing and pricing can be found on the Knocknoc website. Once you have obtained your license and have either completed the self-hosted install or received the login details for your cloud hosted instance: Copy your license key from the Knocknoc Li...

Groups in Knocknoc map users to Knocs. Users can be assigned to multiple groups, to create a group in Knocknoc; Browse to the Knocknoc admin interface. Click on Groups on the left. Click Create Group on the right. Enter the name of the Group. If the Gr...

For additional security and temporal access control, Knocs support a "click to grant" and "click to revoke" option. This requires the user to click a button after logging in, prior to each grant being processed. This offers an additional layer of security and ...

Admins in Knocknoc can log in to /admin on their Knocknoc server, however they can't be granted ACLs. This separates out regular logins from admin logins, and allows for best practice. You can create an Admin using this dialog box if required. SAML is the pre...

Settings The Settings page lets administrators configure authentication, server options, threat intelligence, branding, and other system-wide preferences. Open it from the Admin portal sidebar. Some sections are hidden when running on Knocknoc Cloud.   License...

NTP It's important that ALL the servers within the Knocknoc cluster and agents are synchronized and set to the correct time.  We recommend using chrony on a Linux VM to keep the time, but any NTP implementation would work. Time is an important aspect of authen...

The Knocknoc server will need to be able to contact your LDAP server on port 389 or 636. This is determined by the LDAP URL in the Settings: ldap://myldap.domain.com - this format says port 389 ldaps://myldap.domain.com - this format is port 636 Please make...

Running Knocknoc behind HAProxy could be a great option for people with existing HAProxy deployments, or who want to unify certificate and other management tasks. Here is a sample HAProxy config for Knocknoc as a backend: frontend Sol1-Frontend bind 0.0.0...

This is an example that lets you use Shorewall https://shorewall.org/index.html and IPsets to dynamically allowlist IPs. You can achieve great power with these simple steps: Install the Knocknoc Agent on the Shorewall host and enroll it into the Knocknoc serv...