SSO Advanced Options

The SAML SSO Integration offers several Advanced Options:

  • Use a unique SP entity ID for this knowledge base: With this option selected, the Entity ID and metadata will be updated upon saving.
  • Issue a remote logout request using the IdP logout URL when a reader logs out
  • On IdP-initiated SSO, send readers to the RelayState-specified landing page: The default behavior is to send readers to the home page. Using this option will send readers to the landing page specified in RelayState instead.
  • Sign all messages coming from this SP
  • Sign metadata coming from this SP
  • Sign all logout requests coming from this SP
  • Require all IdP assertions to be signed
  • Require all IdP messages to be signed
  • Require all IdP assertions to be encrypted
  • User login on SSO ID match only: For KnowledgeOwl users (not readers), the default behavior for ID matching is to log in as the user with a matching SSO ID. If no matching SSO ID is found, we then fall back to matching on username / email. With this option selected, username / email will be ignored and only the SSO ID match is used for user account logins.
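
The three "Require all IdP ..." options look at different parts of the IdP's response: a message signature sits directly on the Response element, an assertion signature sits inside each Assertion, and encryption replaces the Assertion with an EncryptedAssertion. The added example below (not KnowledgeOwl code; the function and sample names are hypothetical and the sample XML is constructed) inspects a decoded response captured from your own test login and reports which of these it carries, checking structure only and not verifying any signature.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def inspect_response(xml_text):
    """Report what a decoded SAML Response carries (presence only, no crypto check)."""
    # Intended for a response captured from your own IdP during a test login.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 Response")
    plain = root.findall("saml:Assertion", NS)
    encrypted = root.findall("saml:EncryptedAssertion", NS)
    # Only a ds:Signature that is a direct child of Response signs the message;
    # a signature nested inside an Assertion covers that assertion alone.
    message_signed = root.find("ds:Signature", NS) is not None
    if encrypted:
        # The signature of an encrypted assertion is hidden until decryption.
        assertions_signed = None
    else:
        assertions_signed = bool(plain) and all(
            a.find("ds:Signature", NS) is not None for a in plain
        )
    return {
        "message_signed": message_signed,
        "assertions_signed": assertions_signed,
        "assertions_encrypted": bool(encrypted) and not plain,
    }

# Constructed sample responses (no real keys, issuers or signature values).
SIG = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>'

def _sample(sign_message, assertion_xml):
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed">'
        + (SIG if sign_message else "") + assertion_xml + "</samlp:Response>"
    )

SIGNED_ASSERTION_ONLY = _sample(False, '<saml:Assertion ID="_a1">' + SIG + "</saml:Assertion>")
SIGNED_MESSAGE_ONLY = _sample(True, '<saml:Assertion ID="_a1"/>')
ENCRYPTED_ASSERTION = _sample(True, "<saml:EncryptedAssertion/>")

if __name__ == "__main__":
    for name in ("SIGNED_ASSERTION_ONLY", "SIGNED_MESSAGE_ONLY", "ENCRYPTED_ASSERTION"):
        print(name, inspect_response(globals()[name]))
```

A result of `None` for `assertions_signed` means the assertion is encrypted, so its signature can only be judged after decryption.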