What identity providers do you support?
KnowledgeOwl supports identity providers using SAML 2.0. Here's a list of popular IdPs currently being used by our customers:
Can I set up multiple SSO integrations?
No. We only support one IdP per knowledge base.
Alternatively, you can:
- Use SSO with other authentication methods, such as KnowledgeOwl reader logins or remote authentication
- Create a new knowledge base that is synced to your current knowledge base, and add a different SSO integration there
Can I use SSO with other authentication methods?
Yes! SSO can be used in combination with other authentication methods. Here's some sample setups:
- Public knowledge with SSO login for access to restricted content
- Private knowledge base with SSO for staff and remote authentication for customers
- Private knowledge base with SSO for IdP users and manual reader logins for other readers
Can I pass over groups to set permissions?
Absolutely! You can set up reader groups in KnowledgeOwl and automatically assign your readers to the appropriate groups via SSO. Use reader groups to control who has access to what content.
To get this started, you'll need to manually create reader groups in KnowledgeOwl that match the group names that will be passed over from SSO. You'll also need to be sure you've set up Direct Reader Attribute Map rules and/or Custom Attribute Map rules to send that reader group information from your SSO to KO. Our SAML SSO and remote authentication setups support this. Readers will be automatically assigned to the KO groups based on the group info passed over from SSO.
Can I create groups in KnowledgeOwl that don't exist in my IdP?
Yes! You can create KO-only reader groups that will not be affected by SSO. The default behavior is that groups are set/unset by SSO, but a KO-only reader group is not affected. You will need to manually assign readers to these groups in KO.
Do I need to create all my readers in KnowledgeOwl?
Nope! SSO will automatically create new readers for you the first time they log in. You do not need to manage your readers in KO when using SSO.
Can I log in readers from my own application?
Yes! As long as you have access to the code, you can host your own remote authentication script to automatically authenticate and log in your readers.
Can I talk to someone?
How does SSO work with user permissions?
By default, all KnowledgeOwl users are created with a KnowledgeOwl-based username and password. If SAML/SSO is enabled, users can log in using:
- Their KO-based username and password, using https://app.knowledgeowl.com/login
- Their SAML username and password, using their SAML login URL
You can force users to log in only via SAML by changing their User login type.
You cannot provision users to app.knowledgeowl.com using SSO. You need to create the user in KnowledgeOwl first and then set them to log in via SSO.