SSO options for different knowledge base setups

In order to test SAML SSO in KnowledgeOwl, you must first configure your SSO integration. View our list of available setup instructions.


TypeSet upTesting
Restrict entire knowledge base to SSOUnder Settings > Security choose:
  1. Default Access: Public
  2. Default Login Page: SAML Login URL

Under Settings > SSO, SAML Settings choose:

  1. Enable SAML SSO
  2. Restrict Access to SSO
Inside the application:
  1. Click View KB.
  2. Click either Logout button. You should be redirected to the IdP for authentication.
  3. After authenticating, go to Your Account > Readers to ensure the reader was properly created with all the mapped attributes.

Notes:

  • You can also test by going to your knowledge base URL in a browser where you are not logged in as an author.
  • If you authenticate through your IdP with the same email as your KO author, you will be authenticated as the author and not a reader. You can tell you are logged in as an author if you see the dark editor bar at the bottom of the knowledge base to Add Content, Edit in App, and Change Reader Groups.
Restrict only some content to SSO (part public and part private)Under Settings > Security choose:
  1. Default Access: Public
  2. Default Login Page: SAML Login URL.

Under Settings > SSO, SAML SSO Settings choose:

  1. Enable SAML SSO (do NOT choose Restrict Access to SSO)

Under Settings > Basic choose:

  1. Add a reader login / logout link

Under Settings > Style:

  1. Go to Custom HTML > Top Navigation.
  2. Make sure you have the login template code if you want a login button. It will look like this: [template("login")]
Inside the application:
  1. Click View KB.
  2. Click the Logout button in the top right. This should log you out as an author and return you to the home page of the public site with the option to Login.
  3. Click Login to authenticate with your IdP.
  4.  Go to Your Account > Readers to ensure the reader was properly created with all the mapped attributes.

Notes:

  • You can also test by going to your knowledge base URL in a browser where you are not logged in as an author and clicking on Login.
  • If you click on the author Logout in the bottom right, it will bring you to the reader login page. Click Continue as Guest to return to the public home page. You cannot log in here with your IdP credentials. Your KO author credentials will work.
  • If you authenticate through your IdP with the same email as your KO author, you will be authenticated as the author and not a reader. You can tell you are logged in as an author if you see the dark editor bar at the bottom of the knowledge base to Add Content, Edit in App, and Change Reader Groups.
Restrict entire knowledge base but allow both SSO and reader loginsUnder Settings > Security choose:
  1. Default Access: Restrict by reader logins
  2. Default Login Page: Choose SAML Login URL or Reader Login Page
    Note: The default login page is where readers will go if they try to access the site without being logged in or click on the logout button in the kb.

Under Settings > SSO, SAML Settings choose:

  1. Enable SAML
  2. Do not Restrict Access to SSO


Inside the application, for SSO:
  1. Click View KB.
  2. Click the Logout button in the bottom right (the author logout button). This will bring you to whatever you've set as the Default Login Page.
  3. Test logging in through that page. (For SAML account creation testing, go to Your Account > Readers to ensure the reader was properly created with all the mapped attributes.)
  4. To test the non-default login page option, you'll need to enter the login page manually (/readerlogin for the KnowledgeOwl built-in login page, the IdP Login URL from Settings > SSO for SSO).