Introduction

Single Sign-On is the system where a customer’s Identity Provider (IdP) serves as the basis for authentication when signing in to the Knapsack application Service Provider (SP).

This document provides a walkthrough of the collaborative process between Knapsack and customer to configure SSO for their workspace(s).

Note: Knapsack utilizes Auth0 for authentication & SSO.

SSO Configuration Workflow

Preparation

In order to configure SSO for a workspace to work with a customer’s IdP, the customer team must provide the following:

• Point of contact that manages / implements SSO connections with customer’s IdP
• Email domains to be routed to SSO
  • Users logging in with these email domains will be sent to the SSO system. Users with other email domains can still be invited to the workspace and access via username & password.
• Configuration Data:
  • Sign-In URL
  • X509 Signing Certificate (PEM or CER format)
  • Sign Out URL
• Test accounts
  • These can be real user accounts or accounts set up specifically for testing the SSO implementation once configured.

Configuration Steps

• Once the above information is provided, Knapsack’s Help team will do the initial SSO configuration in the underlying authentication platform, Auth0.
• Once initial configuration is complete, Knapsack will provide a post-back URL to the point of contact on the customer team. Example post-back URL: https://auth.knapsack.cloud/login/callback?connection=YOUR_CONNECTION_NAME
• Customer team will finish configuration in the IdP and notify Knapsack when complete.
• Customer & Knapsack will initiate a test using the provided test accounts.
• If needed, customer’s point of contact and Knapsack’s help team will continue to troubleshoot the configuration until working as expected.