SSO options for different knowledge base setups

Last Modified on 12/23/2024 11:14 am EST

Choose which type of SSO setup you'd like more information on:

Prerequisite
In order to test SAML SSO in KnowledgeOwl, you must first configure your SSO integration. View our list of available setup instructions.

Restrict entire knowledge base to SSO

With this setup, nothing in your knowledge base can be accessed without someone logging in through your SSO integration.

To guarantee your knowledge base is only accessible through SSO, follow these setup instructions:

Change general security settings

  1. Go to Security and access > Security settings.
  2. In Content authentication, select Public.
  3. In Unauthenticated access behavior, select Redirect them to your SAML Login URL.
  4. Be sure to Save your changes.

Change Single sign-on settings

  1. Go to Security and access > Single sign-on.
  2. In the SAML Settings tab, in the SAML SSO behavior, select Enable SAML SSO reader logins and Require all readers to log in via SAML SSO.
  3. Be sure to Save your changes.

Test to confirm your changes

The expected behavior here is that anyone hitting any page in your knowledge base will be directed to the SAML login page. To test this behavior:

  1. From within KnowledgeOwl, select View knowledge base.
  2. Copy the URL this opens.
  3. Paste that URL into a different browser, incognito window, or private window. You should be redirected to the IdP for authentication.
  4. After authenticating, in KnowledgeOwl, go to Security and access > Readers to ensure the reader was properly created with all the mapped attributes.

    Are you logged in as an author?
    If you authenticate through your IdP with the same email as your KO author, you will be authenticated as the author and not a reader. You can tell you're logged in as an author if you see the dark editor bar at the top of the knowledge base to Add content, Edit [page], and View as.

Restrict only some content to SSO

In this setup, some of your knowledge base is public, while the content that's private requires login through SSO.

To ensure your knowledge base is set up this way, follow these setup instructions:

Change general security settings

  1. Go to Security and access > Security settings.
  2. In Content authentication, select Public.
  3. In Unauthenticated access behavior, select Redirect them to your SAML Login URL.
  4. Be sure to Save your changes.

Change Single sign-on settings

  1. Go to Security and access > Single sign-on.
  2. In the SAML Settings tab, in the SAML SSO behavior, select Enable SAML SSO reader logins.
  3. Be sure Require all readers to log in via SAML SSO isn't selected.
  4. Be sure to Save your changes.

Enable reader login and be sure the option displays

  1. Go to Customize > Website.
  2. In the Links and behavior section, in Top navigation, select Add a reader login / logout link.
  3. Be sure to Save your changes.
  4. Go to Customize > Style (HTML & CSS).
  5. In the Customize HTML, CSS, and JS section, select Custom HTML.
  6. In Select HTML section to edit, select Top Navigation.
  7. Make sure you have the login template code if you want a login button: 
    [template("login")]

Test to confirm your changes

The expected behavior here is that anyone hitting your knowledge base homepage any page in your knowledge base will be directed to the SAML login page. To test this behavior:

  1. From within KnowledgeOwl, select View knowledge base.
  2. Copy the URL this opens.
  3. Paste that URL into a different browser, incognito window, or private window. You should be able to access the homepage with no issues.
  4. From within KnowledgeOwl, find an article or category that's restricted to a reader group. Select View article or View category.
  5. Copy the URL this opens.
  6. Paste that URL into a different browser, incognito window, or private window. You should be redirected to the IdP for authentication.
  7. After authenticating, in KnowledgeOwl, go to Security and access > Readers to ensure the reader was properly created with all the mapped attributes.

    Are you logged in as an author?
    If you authenticate through your IdP with the same email as your KO author, you will be authenticated as the author and not a reader. You can tell you're logged in as an author if you see the dark editor bar at the top of the knowledge base to Add content, Edit [page], and View as.

Restrict entire knowledge base but allow both SSO and reader logins

With this setup, your entire knowledge base requires login, but readers can log in either through SSO or using KnowledgeOwl-native reader logins. This is useful if you have a mixed audience, like some employees and some customers, and don't use SSO for both.

To set your knowledge base up for these dual login options, follow these setup instructions:

Change general security settings

  1. Go to Security and access > Security settings.
  2. In Content authentication, select Reader logins.
  3. In Unauthenticated access behavior, select either Redirect them to your SAML Login URL or Redirect them to the reader login page. This will be the login page automatically presented to not-logged-in readers, so choose the one that the majority of your readers will use.
  4. Be sure to Save your changes.

Change Single sign-on settings

  1. Go to Security and access > Single sign-on.
  2. In the SAML Settings tab, in the SAML SSO behavior, select Enable SAML SSO reader logins.
  3. Be sure Require all readers to log in via SAML SSO isn't selected.
  4. Be sure to Save your changes.

Optional: Add link to secondary login page

The Security settings will automatically direct readers to the login page selected in Unauthenticated access behavior.

For whichever login page you use as the default, you may want to add a link for your readers to jump to the other login page.

For example, if you selected SAML Login url page, have your developers include a link to the standard KnowledgeOwl /readerlogin page on that page. If you selected the reader login page, you can add HTML to this page to add a hyperlink to your SAML login URL:

  1. Go to Customize > Style (HTML & CSS).
  2. In the Customize HTML, CSS, and JS section, select Custom HTML.
  3. In Select HTML section to edit, select Login.
  4. Add HTML here to add a hyperlink to your SAML/SSO login URL.
  5. Be sure to Save your changes.

Test to confirm your changes

The expected behavior here is that anyone hitting any page in your knowledge base will be directed to the SAML login page. To test this behavior:

  1. From within KnowledgeOwl, select View knowledge base.
  2. Copy the URL this opens.
  3. Paste that URL into a different browser, incognito window, or private window. You should be redirected to whichever login page you selected for the Unauthenticated access behavior.
  4. After authenticating, in KnowledgeOwl, go to Security and access > Readers to ensure the reader was properly created with all the mapped attributes.

    Are you logged in as an author?
    If you authenticate through your IdP with the same email as your KO author, you will be authenticated as the author and not a reader. You can tell you're logged in as an author if you see the dark editor bar at the top of the knowledge base to Add content, Edit [page], and View as.

Related Articles

Was this article helpful?
Thank you for your feedback!
User Icon

Thanks! Your comment will appear when it's approved :)

Copyright © 2015 – Silly Moose, LLC. All rights reserved.
Powered by KnowledgeOwl knowledge base software.