000037664 - Integrating KnowBe4 with RSA Cloud Authentication Service using SAML SSO

Document created by RSA Customer Support Employee on Jun 28, 2019
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000037664
Applies ToRSA Product Set: SecurID Access
RSA Product/Service Type: RSA Cloud Authentication Service
IssueThis article explains how to integrate the RSA Cloud Authentication Service as an Identity Provider for KnowBe4 using SAML SSO. 
ResolutionAfter contacting KnowBe4 customer support to enable SAML for your account, complete the steps below. 
  1. Log into your Cloud Administration Console.
  2. Navigate to Applications > Application Catalog.
  3. Click Create From Template and select SAML Direct.
  4. In the Basic Information section, give a name to your new application and click Next Steps.
  5. In the Connection Profile section, make sure you follow these configuration requirements:
    • Binding Method should be IdP-Initiated.
    • Copy the Identity Provider URL and provide it to KnowBe4 support.
    • Find the SAML Response Signature certificate SHA1 Fingerprint and provide it to KnowBe4.
    • Make sure that Include Certificate in Outgoing Assertion is checked.
    • For the ACS URL, use the SAML Callback URL found in your KnowBe4 Account Settings.  That is,

  • For Service Provider Entity ID, use KnowBe4 (note that this string is case sensitive).
  • For NameIDIdentifier Type select Email Address and for Property select mail.
  • Click Show Advanced Configuration to expand that section.
  • Under Attribute Extension, make sure that Attribute Name is not left empty.
  • Under Sign Outgoing Assertion, select Assertion within response.

  1. Click Next Steps.
  2. In the User Access section, choose Allow all authenticated users or select an Access Policy.
  3. Click Next Steps.
  4. Change the icon and add an Application Tooltip if you want.
  5. Click Save and Finish.
  6. Click Publish Changes.