What identity providers do you support?
KnowledgeOwl supports identity providers using SAML 2.0. Here's a list of popular IdPs currently being used by our customers:
Can I use SSO with other authentication methods?
Yes! SSO be used in combination with other authentication methods. Here's some sample setups:
- Public knowledge with SSO login for access to restricted content
- Private knowledge base with SSO for staff and remote authentication for customers
- Private knowledge base with SSO for IdP users and manual reader logins for other readers
Can I pass over groups to set permissions?
Absolutely! You can set up reader groups in KnowledgeOwl and automatically assign your readers to the appropriate groups via SSO. Use reader groups to control who has access to what content.
Can I create groups in KnowledgeOwl that don't exist in my IdP?
Yes! You can create KO-only reader groups that will not be affected by SSO. The default behavior is that groups are set/unset by SSO, but a KO-only reader group is not affected. You will need to manually assign readers to these groups in KO.
Do I need to create all my readers in KnowledgeOwl?
Nope! SSO will automatically create new readers for you the first time they log in. You do not need to manage your readers in KO when using SSO.
Can I log in readers from my own application?
Yes! As long as you have access to the code, you can host your own remote authentication script to automatically authenticate and log in your readers.
Can I talk to someone?
How does SSO work with user permissions?
By default, all KnowledgeOwl users are created with a KnowledgeOwl-based username and password. If SAML/SSO is enabled, users can log in using:
- Their KO-based username and password, using https://app.knowledgeowl.com/login
- Their SAML username and password, using their SAML login URL
You can force users to log in only via SAML by changing their User login type.
You cannot provision users to app.knowledgeowl.com using SSO. You need to create the user in KnowledgeOwl first and then set them to log in via SSO.