# Single Sign-On

> Configure single sign-on (SSO) for your team using SAML 2.0 with identity providers like Okta.

## Overview

Single sign-on (SSO) services let you manage your team's identity across all your SaaS products. You can use this functionality to manage authentication to the [Dashboard](https://docs.knotapi.com/dashboard/overview).

With an SSO service, a user can access multiple applications using one set of credentials (for example, an email address and password). The SSO service authenticates the user once for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session.

An example of SSO is Google's sign-in implementation for products like Gmail, YouTube, and Google Drive. Any user signed in to one of Google's products is also automatically signed in to their other products.

## SSO Setup for SAML

<Note>
  The identity provider (IdP) must support the SAML 2.0 standard. Today, [Okta](/dashboard/single-sign-on#okta) is the only supported IdP.
</Note>

Most SAML 2.0 compliant identity providers require the same information about the service provider for setup. In this case, Knot is the service provider.

While configuring your IdP, make sure to set your user's email address in SAML attributes and claims. Knot expects to receive an email address from your IdP to identify the user. Even if you configure SSO, the email/password and Google OAuth 2.0 authentication methods remain enabled for your team.

## Okta

To configure **Single Sign-On (SSO)** with **Okta**, you need to create a custom SAML application. Additionally, you must be an administrator in **Okta** and have an `Owner` role in your [Knot Dashboard](https://dashboard.knotapi.com) to set up SSO for your team.

### Configuring SSO using a custom SAML app

To continue configuring your custom SAML application, do the following:

<Steps>
  <Step title="Open Okta">
    Open your Okta admin console in a new tab.
  </Step>

  <Step title="Navigate to Applications">
    Go to "Applications" and then select "Applications."
  </Step>

  <Step title="Create an app integration">
    Select "Create App Integration."

    <img src="https://mintcdn.com/knot/uGXtPszCtMbiXf0x/images/okta-3.png?fit=max&auto=format&n=uGXtPszCtMbiXf0x&q=85&s=51f35bc63f8481df10b639365f0d10e6" alt="" width="3050" height="978" data-path="images/okta-3.png" />
  </Step>

  <Step title="Select SAML 2.0">
    In the "Create a new app integration" screen, select "SAML 2.0" and then select "Next."

    <img src="https://mintcdn.com/knot/uGXtPszCtMbiXf0x/images/okta-4.png?fit=max&auto=format&n=uGXtPszCtMbiXf0x&q=85&s=391948f6497c271ce94621a56154864f" alt="" width="1892" height="1102" data-path="images/okta-4.png" />
  </Step>

  <Step title="Choose an app name">
    In the "General Settings" tab, enter an app name you'll recognize later, and then select "Next."
  </Step>

  <Step title="Specify the SSO URL">
    In the "Configure SAML" tab, specify [https://dashboard.knotapi.com](https://dashboard.knotapi.com/) as the "Single Sign-On URL" and use it as your "Audience URI (SP Entity ID)." Choose "Email Address" as the "name ID" format.

    <Warning>
      Keep in mind that later on, you will need to modify the "Single Sign-On URL" and the "Audience URI (SP Entity ID)" according to the configuration generated when setting up the SAML/SSO in the [Knot Dashboard](https://dashboard.knotapi.com).
    </Warning>

    <img src="https://mintcdn.com/knot/uGXtPszCtMbiXf0x/images/okta-6.png?fit=max&auto=format&n=uGXtPszCtMbiXf0x&q=85&s=1bab8bd9a089aa7de0ba2548edb77ea0" alt="" width="2120" height="1532" data-path="images/okta-6.png" />
  </Step>

  <Step title="Specify the app as internal">
    In the "Feedback" tab, select "I'm an Okta customer adding an internal app." Select "This is an internal app that we have created" as the app type, and then select "Finish."
  </Step>

  <Step title="Find the setup instructions">
    Select the "Sign On" tab, and then select "View SAML setup instructions" to display the "IdP details."

    <img src="https://mintcdn.com/knot/uGXtPszCtMbiXf0x/images/okta-8.png?fit=max&auto=format&n=uGXtPszCtMbiXf0x&q=85&s=f07c185b1a0ba1eed92e3e5c1ee94089" alt="" width="2992" height="1412" data-path="images/okta-8.png" />
  </Step>

  <Step title="Login to the Knot Dashboard">
    Log in to the [Knot Dashboard](https://dashboard.knotapi.com) with an `Owner` role and navigate to the "Account" page.
  </Step>

  <Step title="Complete the SAML/SSO form">
    Based on the IdP details you got in Step 8, fill in the form with the following details:

    1. Entity ID -> Identity Provider Issuer

    2. Login URL and Logout URL -> Identity Provider Single Sign-On URL

    3. X509 Certificate -> X509 Certificate

    Click "Submit" to generate the configuration.
  </Step>

  <Step title="Update the SAML settings in Okta">
    Navigate to the custom SAML application in Okta, click "Edit," and update the SAML settings using the configuration generated in the prior step. The "Single Sign-On URL" is the "Reply URL" and the "Audience URI (SP Entity ID)" is the "Entity ID."

    <img src="https://mintcdn.com/knot/uGXtPszCtMbiXf0x/images/okta-11.png?fit=max&auto=format&n=uGXtPszCtMbiXf0x&q=85&s=967080b042dc8984e637481f9d30283b" alt="" width="768" height="500" data-path="images/okta-11.png" />
  </Step>
</Steps>
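
To confirm the Okta settings from the steps above, you can capture a SAML response from a test login and compare it with the values the Knot Dashboard generated. The following Python check is an added example, not Knot or Okta code: the Entity ID and Reply URL are placeholders, the sample response is constructed, and it assumes the email address is sent in the NameID. It checks configuration only and does not validate the response signature.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Placeholders (assumptions): substitute the values the Knot Dashboard generated.
EXPECTED_ENTITY_ID = "https://sp.example.test/entity-id"
EXPECTED_REPLY_URL = "https://sp.example.test/reply-url"

# Constructed sample, trimmed to the elements checked here (no signature).
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}"
    Destination="{EXPECTED_REPLY_URL}">
  <a:Assertion>
    <a:Subject>
      <a:NameID Format="{EMAIL_FORMAT}">alice@example.test</a:NameID>
      <a:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <a:SubjectConfirmationData Recipient="{EXPECTED_REPLY_URL}"/>
      </a:SubjectConfirmation>
    </a:Subject>
    <a:Conditions>
      <a:AudienceRestriction>
        <a:Audience>{EXPECTED_ENTITY_ID}</a:Audience>
      </a:AudienceRestriction>
    </a:Conditions>
  </a:Assertion>
</p:Response>"""

def check_response(xml_text, entity_id, reply_url):
    """Return a list of configuration problems; an empty list means all checks passed."""
    root = ET.fromstring(xml_text)  # parse only responses you captured yourself
    problems = []
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or "@" not in (name_id.text or ""):
        problems.append("NameID does not carry an email address")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not emailAddress")
    audiences = [a.text for a in root.findall(".//a:Audience", NS)]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} does not include the Entity ID")
    recipient = root.find(".//a:SubjectConfirmationData", NS)
    if recipient is None or recipient.get("Recipient") != reply_url:
        problems.append("Recipient does not match the Reply URL")
    if root.get("Destination") != reply_url:
        problems.append("Destination does not match the Reply URL")
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE, EXPECTED_ENTITY_ID, EXPECTED_REPLY_URL) or "OK")
```

An "Audience" problem that still shows `https://dashboard.knotapi.com` means the temporary value from the "Specify the SSO URL" step was never replaced with the generated Entity ID.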
