The SAML SSO Settings offers several Advanced Options:
- Use a unique SP entity ID for this knowledge base: With this option selected, Entity ID and metadata will be updated upon saving.
- Issue a remote logout request using the IdP logout URL when a reader logs out: With this option selected, when a reader logs out of KnowledgeOwl, it will also send a logout request to to the IdP.
- On IdP initiated SSO, send readers to the RelayState specified landing page: Check this box if people are clicking links to specific articles, authenticating, and then getting kicked back to the homepage rather than redirected to the link they originally clicked. (The default behavior is to send readers to the homepage. Using this option will send readers to the RelayState specified landing page a.k.a. the page they were originally trying to access!)
- Sign all messages coming from this SP
- Sign metadata coming from this SP
- Sign all logout requests coming from this SP
- Require all IdP assertions to be signed
- Require all IdP messages to be signed
- Require all IdP assertions to be encrypted
- Author login on SSO ID match only: For KnowledgeOwl authors (not readers), the default behavior for ID matching is to login as an author with matching SSO ID. If no matching SSO ID is found, we then fall back to match on username / email. With this option selected, username / email will be ignored and only the SSO ID match is used for author account logins.