Integrating KnowBe4 with RSA Cloud Authentication Service using SAML SSO

3 years ago

Originally Published: 2019-06-21

Article Number

000055008

Applies To

RSA Product Set: SecurID Access
RSA Product/Service Type: RSA Cloud Authentication Service

Issue

This article explains how to integrate the RSA Cloud Authentication Service as an Identity Provider for KnowBe4 using SAML SSO.

Resolution

After contacting KnowBe4 customer support to enable SAML for your account, complete the steps below.

Log into your Cloud Administration Console.
Navigate to Applications > Application Catalog.
Click Create From Template and select SAML Direct.
In the Basic Information section, give a name to your new application and click Next Steps.
In the Connection Profile section, make sure you follow these configuration requirements:
- Binding Method should be IdP-Initiated.
- Copy the Identity Provider URL and provide it to KnowBe4 support.
- Find the SAML Response Signature certificate SHA1 Fingerprint and provide it to KnowBe4.
- Make sure that Include Certificate in Outgoing Assertion is checked.
- For the ACS URL, use the SAML Callback URL found in your KnowBe4 Account Settings. That is,

https://training.knowbe4.com/auth/saml/<account_number>/callback

For Service Provider Entity ID, use KnowBe4 (note that this string is case sensitive).
For NameID, Identifier Type select Email Address and for Property select mail.
Click Show Advanced Configuration to expand that section.
Under Attribute Extension, make sure that Attribute Name is not left empty.
Under Sign Outgoing Assertion, select Assertion within response.

Click Next Steps.
In the User Access section, choose Allow all authenticated users or select an Access Policy.
Click Next Steps.
Change the icon and add an Application Tooltip if you want.
Click Save and Finish.
Click Publish Changes.

Don't see what you're looking for?

Related Articles