Search Results

Gsuite can be setup as an Identity Provider if you have Gsuite Business Startter or above plan. The basis of this guide is the official docs here: https://support.google.com/a/answer/6087519?hl=en which should be referred to in case any thing changes from the...

The  FortiOS integration allows Knocknoc to dynamically add and remove user's source IP from a named address group. This address group can then be used in whatever Firewall rule you like, opening up many possibilities for securing access to systems behind Fort...

Overview This integration is designed to manage named locations in Microsoft Azure Conditional Access policies via the Microsoft Graph API. It allows users to add, delete, or flush named locations related to specific IP addresses. This system can also be used...

Azure Portal or specific Azure services can be further protected through the use of the Knocknoc Entra back end. This helps prevent or reduce ransomware and common Business Email Compromise (BEC) attacks and data theft/exfiltration through isolating user logi...

Ivanti Connect Secure devices that have an outer firewall or control layer can be protected from unauthorised threat actors by implementing Knocknoc and firewall orchestration This prevents direct Internet access to the Ivanti Connect Secure devices prior to ...

Protect your existing Fortigate or Palo assets from direct internet or internal exposure by introducing Knocknoc. Remote management and administration interfaces, VPN services/ports or any service offered can be protected, requiring a centralised login prior ...

The Allowlist backend makes a list of active IP address grants available via the Knocknoc server API. This allows integration with appliances or clients that can be configured to poll a URL without the need for a Knocknoc agent to be deployed. This is sometime...

The following example assumes your Knocknoc instance is located at https://your-knocknoc.cloud/. Wherever you see that, please substitute it for your own instance URL. Knocknoc SAML config Login In the Knocknoc admin interface (eg: https://your-knocknoc....

Keycloak supports multiple authentication realms, so you must first select the appropriate realm for your organisation. Do not make any of the below changes in the Keycloak/master realm. In this example our realm is called "Acme" and Keycloak is hosted at htt...

Knocknoc 7.5  🚀 Knocknoc 7.5 marks a major milestone in our journey to redefine secure network access. This release is a comprehensive redesign of the user experience, delivering a streamlined, intuitive interface that empowers both administrators and end use...

CyberArk integrates with Knocknoc via the "Web Apps" component, passing through SAML assertions.   Knocknoc SAML config Log in to the Knocknoc Admin interface On the Settings page configure the PublicURL (eg: https://knocknoc.yourserver.com) Create and ...

Knocknoc enables you to remove the attack surface of systems, by enacting just-in-time network/application-based allow-listing. It can operate in a number of ways - from orchestrating network access controls (eg: adding to firewall rules - whilst presenting n...

Passive, Active or a combination Passive - Knocknoc's Allowlist features provides a passive integration with firewalls that support a External Dynamic Lists or EDLs.  This feature allows the firewall to pull from the Knocknoc server a list of IPs of authentic...

The Knocker utility is a command-line tool for managing various backends with ease. It provides commands for enabling, disabling, installing, uninstalling, and performing health checks for supported backends. Usage /opt/knocknoc-agent/knocker/knocker <comman...

Capturing additional client IP addresses A client may exhibit behaviour where multiple IP addresses are observed as part of the authentication request. Situations such as: Internal IP addresses (eg: 10.0.x.x / RFC1918), should the Server (or MYIP component...

In this example our Authentik instance is hosted at https://auth.example.com/ and is running version 2024.12.2 Our Knocknoc instance is a cloud instance with URL https://authentiktest.knoc.cloud. If you are using a cloud server, replace with your own URL, or ...

Passive, Active or a combination Passive - Knocknoc's Allowlist features provides a passive integration with firewalls that support a External Dynamic Lists or EDLs.  This feature allows the firewall to pull from the Knocknoc server a list of IPs of authentic...

Below is a concise guide for a sysadmin (or developer) to set up and configure AWS WAF with a custom HTML 403 response and integrate it with your update-aws-waf-ipset.sh script (which follows the argument order <ACTION> <ACL_NAME_OR_ID> <IP_ADDRESS>). This gui...

Knocknoc keeps a track of the IPs and tries to be kind to users that share IPs. This means that if two users are coming from the same IP, revoking a session for the first user will keep the ACL in place.  This is the meaning of: Last One Out Turn Off The Ligh...

Logging is important - we love logging. Because of this, we have included an easy to find, follow and parse log output that provides an additional layer of visibility across your Knocknoc user activity, including logins, access grants, manual interactions, as...