This feature is an early access release
It's being rolled out slowly for early feedback before we release it to all customers. If you're interested in testing it out, please contact us at support@knowledgeowl.com and request to be added to our early adopter testing group.
KnowledgeOwl supports two forms of author account management, also known as author provisioning:
- Manual account management or provisioning, in which you manually create, update, and delete authors in Account > Authors. Refer to Author management for more information.
- SCIM account management or provisioning, in which your company's Identity Provider (IdP) handles the account creation, updates, and deletions. On this page, we provide a high-level overview of what SCIM is and some of the setup considerations in KnowledgeOwl.
What is SCIM?
System for Cross-domain Identity Management (SCIM) provisioning is a cloud-based identity management solution. In this provisioning model, your IT administrators create and manage user accounts in a single system—an Identity Provider (IdP)—which is then integrated with other applications like KnowledgeOwl. They can control who has author accounts in KnowledgeOwl from within the IdP. As authors leave or are moved to other teams, your IT administrator can add, remove, or completely delete those user accounts from your IdP and have those changes reflected automatically in KnowledgeOwl.
They can also set IdP groups to associate with KnowledgeOwl so that when authors are added to or removed from those groups, their access in KnowledgeOwl is granted or revoked accordingly.
This form of provisioning is often preferred by larger organizations, since it means your IT administrator doesn't have to manually create, update, or delete accounts in KnowledgeOwl. Any changes to accounts get synced from your IdP instead.
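To make the create, update, and delete flow described above concrete, here is an added example (not KnowledgeOwl's code or API) of a toy in-memory SCIM 2.0 service provider handling the standard requests an IdP sends, using the message shapes from RFC 7643 and RFC 7644. The `AuthorStore` class, the `can_log_in` check, and the sample author are hypothetical, and deactivation is modelled as a PATCH that sets `active` to false, which is one common shape.

```python
import uuid

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

class AuthorStore:
    """Toy SCIM service provider (hypothetical): the app side receiving IdP pushes."""
    def __init__(self):
        self.users = {}  # SCIM id -> user resource

    def handle(self, method, path, body=None):
        """Apply one SCIM request and return (HTTP status, response body)."""
        parts = path.strip("/").split("/")
        if parts[0] != "Users":
            return 404, None
        if method == "POST" and len(parts) == 1:
            if USER_SCHEMA not in body.get("schemas", []):
                return 400, None
            if any(u["userName"] == body["userName"] for u in self.users.values()):
                return 409, None  # duplicate userName -> 409 Conflict (RFC 7644 3.3)
            user = {"active": True, **body, "id": str(uuid.uuid4())}
            self.users[user["id"]] = user
            return 201, user
        user = self.users.get(parts[1]) if len(parts) == 2 else None
        if user is None:
            return 404, None
        if method == "PATCH" and PATCH_SCHEMA in body.get("schemas", []):
            for op in body["Operations"]:
                if op["op"].lower() != "replace":
                    return 400, None  # only "replace" is modelled here
                # value is either paired with a path or is a bare attribute object
                user.update({op["path"]: op["value"]} if "path" in op else op["value"])
            return 200, user
        if method == "DELETE":
            del self.users[user["id"]]
            return 204, None
        return 405, None

    def can_log_in(self, user_name):
        """Login is allowed only for an account that exists and is active."""
        return any(u["userName"] == user_name and u["active"] for u in self.users.values())

def demo():
    """Constructed lifecycle: provision, deactivate, then hard-delete one author."""
    app, name, log = AuthorStore(), "avery@example.com", []
    status, user = app.handle("POST", "/Users", {"schemas": [USER_SCHEMA], "userName": name})
    log.append((status, app.can_log_in(name)))
    off = {"schemas": [PATCH_SCHEMA], "Operations": [{"op": "replace", "value": {"active": False}}]}
    log.append((app.handle("PATCH", "/Users/" + user["id"], off)[0], app.can_log_in(name)))
    log.append((app.handle("DELETE", "/Users/" + user["id"])[0], app.can_log_in(name)))
    return log
```

Calling `demo()` returns the HTTP status of each step paired with whether the author can still log in, showing that access ends at deactivation and that deletion removes the record entirely.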
Setup considerations
In KnowledgeOwl, you can use SCIM provisioning for authors in two different ways: with the Username and password author login type and the SAML SSO author login type. (Refer to Author login type for more information on the types broadly.)
Here's more on what each of those setups means:
Username and password author login
With this login type, the IdP will create, update, and delete author accounts in KnowledgeOwl, but those author accounts are still treated as KnowledgeOwl login author accounts, which means that:
- Authors log in to KnowledgeOwl through app.knowledgeowl.com.
- Author passwords for KnowledgeOwl are still reset and managed within KnowledgeOwl. (Authors won't use their IdP password to log in.)
- New authors receive our general welcome email with a temporary password once they're pushed from the IdP.
Basically, your IdP remains the ultimate source of truth about who should have author access in KnowledgeOwl, but author passwords are administered within KnowledgeOwl.
This requires no additional setup beyond the SCIM setup.
SAML SSO author login
With this login type, the IdP will create, update, and delete author accounts and handle all author authentication into KnowledgeOwl, which means that:
- You must have reader SAML SSO set up for at least one knowledge base. Refer to SAML SSO instructions for more information.
- Authors log in to KnowledgeOwl through your knowledge base's SAML SSO login page.
- New authors receive a SAML SSO welcome email once they're pushed from the IdP.
- Authors log in using their IdP password. No password administration or resets happen in KnowledgeOwl.
As noted above, this setup requires that you set up reader SAML SSO before the SCIM setup.
If you're familiar with Set up SAML SSO for authors, this approach is basically the automated way of setting up new authors with SAML SSO.
Get started with SCIM provisioning
Refer to SCIM provisioning for authors for generic instructions and Okta SCIM provisioning for authors for more detailed instructions on setting up SCIM provisioning.