Single Sign-On is the system where a customer’s Identity Provider (IdP) serves as the basis for authentication when signing in to the Knapsack application Service Provider (SP).
This document provides a walkthrough of the collaborative process between Knapsack and customer to configure SSO for their workspace(s).
Note: Knapsack utilizes Auth0 for authentication & SSO.
SSO Configuration Workflow
In order to configure SSO for a workspace to work with a customer’s IdP, the customer team must provide the following:
- Point of contact that manages / implements SSO connections with customer’s IdP
- Email domains to be routed to SSO
- Users logging in with these email domains will be sent to the SSO system. Users with other email domains can still be invited to the workspace and access via username & password.
- Configuration Data:
- Sign-In URL
- X509 Signing Certificate (PEM or CER format)
- Sign Out URL
- Test accounts
- These can be real user accounts or accounts set up specifically for testing the SSO implementation once configured.
- Once the above information is provided, Knapsack’s Help team will do the initial SSO configuration in the underlying authentication platform, Auth0.
- Once initial configuration is complete, Knapsack will provide a post-back URL to the point of contact on the customer team. Example post-back URL:
- Customer team will finish configuration in the IdP and notify Knapsack when complete.
- Customer & Knapsack will initiate a test using the provided test accounts.
- If needed, customer’s point of contact and Knapsack’s help team will continue to troubleshoot the configuration until working as expected.