Context
You want to require your authors to log in to the KnowledgeOwl app using SAML SSO. Your knowledge base might be public or use a different method of authentication.
Resolution
- Set up SAML SSO on a knowledge base that your authors have access to.
- Be sure to check the box to Enable SAML SSO reader logins and complete your SAML attribute map for SSO ID and email. It's easiest to use the email as the SSO ID and username, but you can use any unique value as the SSO ID.
- If needed, use Enable debug mode to troubleshoot issues in order to confirm what attribute names and values the IdP is sending over. With debug mode enabled, logging in via SP login URL will display the attribute names and values being sent by the IdP.
- Use the SP login URL to confirm authors are able to authenticate with SAML SSO. When logged in as an author, they will see the author toolbar at the top of the knowledge base. This confirms your authors are getting logged in with author access.
- Edit your authors to change the login type to force those authors to authenticate using SAML SSO.
- Recommended: Leave at least one admin author with a self-administered username and password in case you ever need to troubleshoot SAML SSO.
Once set up, these authors will be forced to use SAML SSO when logging in to the app. Here are the steps for the author to confirm SAML authentication is working.
- Log out of the KnowledgeOwl app.
- Go to the KnowledgeOwl login page.
- Enter author email and select the button to proceed.
- You're redirected for SAML authentication
- After SAML authentication, you're redirected to knowledge base and can access the KnowledgeOwl app by using the author toolbar.
Background
SAML SSO for authors uses reader SSO for a knowledge base. In order to force authors to use SAML SSO, reader SAML SSO must be set up on an existing knowledge base.