Configure SAML SSO in KnowledgeOwl

In order to test SAML SSO in KnowledgeOwl, you must first configure your SSO integration. View our list of available setup instructions.


TypeSet upTesting
Restrict entire kb to SSOUnder Settings > Security choose:
  1. Access Security: None
  2. Default Login Page: SAML Login URL
  3. Enable SAML:  Restrict Access to SSO
Inside the application:
  1. Click View KB.
  2. Click either Logout button. You should be redirected to the IdP for authentication.
  3. After authenticating, go to Your Account > Readers to ensure the reader was properly created with all the mapped attributes.

Notes:

  • You can also test by going to your knowledge base URL in a browser where you are not logged in as a user.
  • If you authenticate through your IdP with the same email as your KO user, you will be authenticated as the user and not a reader. You can tell you are logged in as a user if you see the dark editor bar at the bottom of the knowledge base to Add Content, Edit in App, and Change Reader Groups.
Restrict only some content to SSO (part public and part private)Under Settings > Security choose:
  1. Access Security: None
  2. Default Login Page: SAML Login URL
    Note: Do not choose Restrict Access to SSO in the SAML section.

Under Settings > Basic choose:

  1. Add a reader login / logout link

Under Settings > Style

  1. Go to Custom HTML > Top Navigation.
  2. Make sure you have the login template code if you want a login button. It will look like this:
Inside the application:
  1. Click View KB.
  2. Click the Logout button in the top right. This should log you out as a user and return you the home page of the public site with the option to Login.
  3. Click Login to authenticate with your IdP.
  4.  Go to Your Account > Readers to ensure the reader was properly created with all the mapped attributes.

Notes:

  • You can also test by going to your knowledge base URL in a browser where you are not logged in as a user and clicking on Login.
  • If you click on the user Logout in the bottom right, it will bring you to the reader login page. Click Continue as Guest to return to the public home page. You cannot log in here with your IdP credentials. Your KO user credentials will work.
  • If you authenticate through your IdP with the same email as your KO user, you will be authenticated as the user and not a reader. You can tell you are logged in as a user if you see the dark editor bar at the bottom of the knowledge base to Add Content, Edit in App, and Change Reader Groups.
Restrict entire kb but allow both SSO and reader loginsUnder Settings > Security choose:
  1. Access Security: Restrict by reader logins
  2. Default Login Page: Choose SAML Login URL or Reader Login Page
  3. Enable SAML:  Restrict Access to SSO

Note: The default login page is where readers will go if they try to access the site without being logged in or click on the logout button in the kb.

Inside the application:
  1. Click View KB.
  2. Click the Logout button in the top right (the kb logout button). You should be redirected to your IdP for authentication.
  3. After authenticating, go to Your Account > Readers to ensure the reader was properly created with all the mapped attributes.
  4. Click View Kb.
  5. Click the Logout button in the bottom right (the user logout button). This will bring you to the reader login page (/readerlogin). 
  6. Test logging in as a reader. You can set up readers under Your Account > Readers.