[Management]

Enterprise Authentication and SSO

The Enterprise Authentication SSO module delivers identity federation across SAML, OAuth 2.0, and OpenID Connect with seamless single sign-on for enterprise-scale deployments.

Module metadata



Source reference

content/modules/admin-authentication-sso.md

Last updated

23 Feb 2026

Category

Management

Content checksum

73b609106aaeff9a

Tags

management, compliance, geospatial

Rendered documentation

This page renders the module's Markdown and Mermaid directly from the public documentation source.

Overview

The Enterprise Authentication SSO module delivers identity federation across SAML, OAuth 2.0, and OpenID Connect with seamless single sign-on for enterprise-scale deployments. It provides centralized authentication with zero-trust security principles, supporting all major identity providers and directory synchronization for automated user lifecycle management.

Key Features

  • SAML 2.0 Federation - Full support for Service Provider and Identity Provider modes with metadata management, automatic certificate rotation, and attribute mapping. Compatible with Okta, Azure AD, Google Workspace, OneLogin, PingFederate, Auth0, JumpCloud, and custom SAML providers.

  • OAuth 2.0 and OpenID Connect - Modern authentication flows including Authorization Code with PKCE, Client Credentials, Device Authorization, and Refresh Token flows. Supports standard and custom scopes, claims, and dynamic client registration.

  • Directory Synchronization - Real-time bidirectional sync with LDAP, Active Directory, Azure AD, Google Workspace, and SCIM-compatible systems. Automatic user provisioning, updates, and deprovisioning based on directory changes.

  • Just-in-Time Provisioning - Automatically create user accounts on first SSO login with configurable attribute mapping, default role assignment, and welcome workflows.

  • Multi-IdP Support - Connect multiple identity providers simultaneously with routing by domain or user group. Automatic failover to backup identity providers ensures continuous access.

  • Adaptive Authentication - Risk-based step-up authentication for sensitive operations, with configurable policies based on user context, device trust, and access patterns.

  • Secure Session Management - Configurable session policies including duration limits, concurrent session controls, cross-domain synchronization, and federated single logout.

  • Certificate Management - Automated certificate lifecycle management with expiration monitoring, rotation without downtime, and support for multiple signing certificates during transition periods.
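
The Authorization Code with PKCE flow listed above, shown as both sides of the exchange. This is an added example written in Python with the standard library only; it is not the module's code. The client derives a `code_challenge` from a secret `code_verifier`, a minimal authorization server binds the challenge to the issued code, and at the token endpoint it refuses codes that are reused, presented by another client, or redeemed without the matching verifier. `AuthorizationServer`, `run_flow` and the client id `spa-client` are names chosen for the example.

```python
"""Authorization Code + PKCE (RFC 7636), both sides of the exchange.
Added example (Python stdlib), not the module's own code: it shows why an
intercepted authorization code is useless without the client's code_verifier.
Client and server are in-process stand-ins for the real HTTP round trips."""
import base64
import hashlib
import secrets
from dataclasses import dataclass, field


def b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_verifier() -> str:
    """code_verifier: 32 random bytes -> 43 unreserved characters (the RFC minimum)."""
    return b64url(secrets.token_bytes(32))


def make_challenge(verifier: str) -> str:
    """S256 transform: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


@dataclass
class AuthorizationServer:
    """Minimal AS state: outstanding codes and the (client, challenge) bound to each."""
    codes: dict = field(default_factory=dict)

    def authorize(self, client_id: str, code_challenge: str, method: str) -> str:
        """Authorization endpoint: issue a code bound to the presented challenge."""
        if method != "S256":   # 'plain' would let a leaked challenge double as the verifier
            raise ValueError("unsupported code_challenge_method")
        code = b64url(secrets.token_bytes(24))
        self.codes[code] = (client_id, code_challenge)
        return code

    def token(self, client_id: str, code: str, code_verifier: str) -> dict:
        """Token endpoint: single-use code, same client, verifier must hash to the challenge."""
        entry = self.codes.pop(code, None)   # pop, not get: a replayed code is already gone
        if entry is None:
            raise PermissionError("invalid_grant: unknown or reused code")
        bound_client, challenge = entry
        if bound_client != client_id:
            raise PermissionError("invalid_grant: code issued to another client")
        if not 43 <= len(code_verifier) <= 128:
            raise PermissionError("invalid_grant: code_verifier length")
        if not secrets.compare_digest(make_challenge(code_verifier), challenge):
            raise PermissionError("invalid_grant: PKCE verification failed")
        return {"access_token": b64url(secrets.token_bytes(32)), "token_type": "Bearer"}


def run_flow(intercept: bool = False) -> str:
    """Drive one login. With intercept=True an attacker who captured the code
    redeems it with a verifier of their own and must be refused."""
    server = AuthorizationServer()
    verifier = make_verifier()                               # never leaves the client
    code = server.authorize("spa-client", make_challenge(verifier), "S256")
    try:
        server.token("spa-client", code, make_verifier() if intercept else verifier)
        return "ok"
    except PermissionError as exc:
        return str(exc)
```

`make_challenge` reproduces the RFC 7636 Appendix B test vector, which is the quickest way to confirm a PKCE implementation encodes the hash correctly (base64url, no padding). The server deliberately accepts only `S256` and pops the code on first use; both checks are the ones worth verifying against any IdP the module is federated with.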

Supported Identity Providers

  • Okta (SAML, OIDC, SCIM)
  • Azure AD / Entra ID (SAML, OIDC, Graph API)
  • Google Workspace (SAML, OIDC, Directory API)
  • OneLogin (SAML, OIDC, SCIM)
  • Auth0 (OIDC, SCIM)
  • PingFederate (SAML, OIDC)
  • JumpCloud (LDAP, SAML, SCIM)
  • Custom SAML and OIDC providers

Directory Integration

  • Active Directory - LDAP and Kerberos support for on-premises directories
  • Azure AD - Microsoft Graph API integration with delta sync
  • Google Workspace - Directory API with organizational unit mapping
  • SCIM 2.0 - Standard provisioning protocol for compatible systems
  • Bidirectional Sync - Configurable sync direction per attribute with conflict resolution
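
The provisioning, update and deprovisioning behaviour described above, with a per-attribute sync direction acting as the conflict-resolution rule, as an added example in Python. It is not the module's sync engine; the directory snapshot, local records, the `SYNC_DIRECTION` policy and the deactivation threshold are all constructed or assumed for illustration. Two practitioner safeguards are built in: deprovisioning deactivates rather than deletes, and a circuit breaker refuses to apply a plan that would deactivate a large share of the tenant, which is what a truncated or empty snapshot after a failed LDAP bind or expired SCIM token would otherwise produce.

```python
"""Directory reconciliation: apply a directory snapshot to local accounts.
Added example (Python), not the module's sync engine. It models the provision /
update / deprovision behaviour listed above with a per-attribute sync direction;
the records and the policy are constructed for illustration."""
from dataclasses import dataclass, field

# Assumed per-attribute authority: "directory" overwrites local, "local" keeps
# local edits (this is the conflict-resolution rule for bidirectional sync).
SYNC_DIRECTION = {"email": "directory", "display_name": "directory",
                  "groups": "directory", "phone": "local"}

# Constructed directory snapshot, e.g. one LDAP search or one SCIM /Users page.
DIRECTORY = {
    "u-100": {"email": "ada@example.test", "display_name": "Ada Lovelace",
              "groups": ["eng"], "phone": "+1-555-0100"},
    "u-101": {"email": "grace@example.test", "display_name": "Grace Hopper",
              "groups": ["eng", "leads"], "phone": ""},
}
# Constructed local state: u-100 has a locally edited phone, u-102 left the directory.
LOCAL = {
    "u-100": {"email": "ada@example.test", "display_name": "A. Lovelace",
              "groups": ["eng"], "phone": "+1-555-0199", "active": True},
    "u-102": {"email": "bob@example.test", "display_name": "Bob",
              "groups": [], "phone": "", "active": True},
}


@dataclass
class SyncPlan:
    create: list = field(default_factory=list)
    update: dict = field(default_factory=dict)     # uid -> changed fields
    deactivate: list = field(default_factory=list)


def reconcile(directory: dict, local: dict) -> SyncPlan:
    """Diff the snapshot against local accounts into a plan; nothing is applied yet."""
    plan = SyncPlan()
    for uid, rec in directory.items():
        if uid not in local:
            plan.create.append(uid)
            continue
        changes = {attr: rec.get(attr) for attr, who in SYNC_DIRECTION.items()
                   if who == "directory" and local[uid].get(attr) != rec.get(attr)}
        if not local[uid].get("active", True):
            changes["active"] = True   # re-appeared upstream: reactivate
        if changes:
            plan.update[uid] = changes
    for uid, rec in local.items():
        # Deprovision by deactivating, never deleting: keeps the audit trail and
        # the user's data, and is reversible if the directory turns out to be wrong.
        if uid not in directory and rec.get("active", True):
            plan.deactivate.append(uid)
    return plan


def safe_to_apply(plan: SyncPlan, local: dict, max_fraction: float = 0.25) -> bool:
    """Circuit breaker: a truncated or empty snapshot must not mass-deactivate
    the tenant. The threshold is an assumed policy value."""
    active = sum(1 for rec in local.values() if rec.get("active", True))
    return active == 0 or len(plan.deactivate) / active <= max_fraction


def apply_plan(directory: dict, local: dict, plan: SyncPlan) -> dict:
    """Return the new local state; raises if the plan trips the circuit breaker."""
    if not safe_to_apply(plan, local):
        raise RuntimeError("sync aborted: deactivation threshold exceeded")
    new = {uid: dict(rec) for uid, rec in local.items()}
    for uid in plan.create:
        new[uid] = {**directory[uid], "active": True}
    for uid, changes in plan.update.items():
        new[uid].update(changes)
    for uid in plan.deactivate:
        new[uid]["active"] = False
    return new
```

With the constructed data the plan creates `u-101`, updates only the directory-authoritative `display_name` of `u-100` (the locally edited phone is left alone), and deactivates `u-102`; because that is one of two active accounts, `apply_plan` refuses it under the default threshold, which is the intended behaviour for a small tenant and should be tuned per deployment.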

Use Cases

  • Eliminating password fatigue by enabling single sign-on across all applications with a single set of credentials.
  • Automating user lifecycle management by synchronizing user accounts, groups, and roles from your corporate directory.
  • Enforcing authentication standards across the organization with centralized policies for MFA, session management, and access controls.
  • Simplifying compliance with complete authentication audit trails and centralized identity governance.
  • Supporting hybrid environments by bridging legacy LDAP/Active Directory systems with modern cloud identity providers.

Getting Started

  1. Configure your Identity Provider - Create a SAML application or OAuth client in your IdP and configure redirect URIs and attribute mappings.
  2. Set up SSO - Import your IdP metadata, map attributes to local user fields, configure session settings, and test the authentication flow.
  3. Enable Directory Sync - Connect your directory, set up the sync schedule, map groups to roles, and trigger the initial synchronization.
  4. Validate and Go Live - Test with a pilot group, verify attribute mappings, confirm MFA enforcement, and roll out to all users.
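
The four steps above condensed into code, as an added example in Python using only the standard library; it is not the module's implementation. It imports IdP metadata (entity ID, HTTP-Redirect SSO endpoint and every signing certificate, so that assertions verify during a certificate rotation), maps the attributes of an assertion to local user fields, and provisions the account just-in-time with roles derived from groups. The metadata, the attribute statement, the attribute names in `ATTRIBUTE_MAP` and the `GROUP_TO_ROLE` policy are constructed or assumed. The attribute statement is taken to come from an assertion that has already passed signature, audience and validity-window checks; those checks are outside this example.

```python
"""Steps 1-4 above in code: import IdP metadata, map assertion attributes to
local fields, provision on first login. Added example (Python stdlib), not the
module's own code; metadata, attribute names and role mapping are constructed."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed IdP metadata with two signing certs, as seen during a rotation window.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/saml">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>PLACEHOLDER_CERT_A</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>PLACEHOLDER_CERT_B</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://idp.example.test/sso/post"/>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://idp.example.test/sso/redirect"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed attribute statement from an assertion that has ALREADY passed
# signature, audience and validity-window checks (out of scope for this example).
ATTRIBUTE_STATEMENT = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
  <saml:AttributeValue>Ada.Lovelace@example.test</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
  <saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2008/06/identity/claims/groups">
  <saml:AttributeValue>sso-analysts</saml:AttributeValue>
  <saml:AttributeValue>all-staff</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""

# Assumed attribute map and group-to-role policy (configuration, not fixed names).
ATTRIBUTE_MAP = {
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress": "email",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "first_name",
    "http://schemas.xmlsoap.org/ws/2008/06/identity/claims/groups": "groups",
}
MULTI_VALUED, REQUIRED = {"groups"}, {"email"}
GROUP_TO_ROLE, DEFAULT_ROLE = {"sso-admins": "admin", "sso-analysts": "analyst"}, "viewer"


@dataclass(frozen=True)
class IdpConfig:
    entity_id: str
    sso_url: str          # HTTP-Redirect endpoint for AuthnRequests
    signing_certs: tuple  # every cert the IdP may currently sign with


def import_metadata(xml_text: str) -> IdpConfig:
    """Steps 1-2: pull what the SP needs out of IdP metadata, refusing incomplete files."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    # Keep all signing certs (use="signing" or unspecified) so assertions signed
    # with either the old or the new key verify during a rotation.
    certs = tuple("".join((c.text or "").split())
                  for kd in idp.findall("md:KeyDescriptor", NS)
                  if kd.get("use", "signing") == "signing"
                  for c in kd.findall(".//ds:X509Certificate", NS))
    if not certs:
        raise ValueError("metadata has no signing certificate")
    redirect = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
    sso = idp.find(f"md:SingleSignOnService[@Binding='{redirect}']", NS)
    if sso is None:
        raise ValueError("no HTTP-Redirect SingleSignOnService endpoint")
    return IdpConfig(root.get("entityID"), sso.get("Location"), certs)


def map_attributes(statement: ET.Element) -> dict:
    """Step 2: translate a validated AttributeStatement into local user fields."""
    user = {}
    for attr in statement.findall("saml:Attribute", NS):
        field = ATTRIBUTE_MAP.get(attr.get("Name"))
        if field is None:
            continue  # unmapped attributes are dropped, never stored blindly
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        user[field] = values if field in MULTI_VALUED else (values[0] if values else "")
    missing = REQUIRED - {k for k, v in user.items() if v}
    if missing:
        raise ValueError(f"assertion lacks required attributes: {sorted(missing)}")
    return user


def jit_provision(users: dict, mapped: dict) -> dict:
    """Steps 3-4: create the account on first login, else update it; roles come from groups."""
    roles = sorted({GROUP_TO_ROLE[g] for g in mapped.get("groups", []) if g in GROUP_TO_ROLE})
    account = users.setdefault(mapped["email"].lower(), {"created_by": "jit"})
    account.update(mapped, roles=roles or [DEFAULT_ROLE])
    return account


def first_login(users: dict, statement_xml: str = ATTRIBUTE_STATEMENT) -> dict:
    """Run mapping + provisioning for one login and return the resulting account."""
    return jit_provision(users, map_attributes(ET.fromstring(statement_xml)))
```

Two things to carry over into a real deployment: fetch metadata over TLS (and verify its signature where the IdP signs it) before trusting the certificates it lists, and parse IdP-supplied XML with a hardened parser such as `defusedxml` rather than plain `xml.etree`. A login whose assertion lacks the required `email` attribute is refused rather than provisioned with an empty identity, which is the mapping check step 4 asks you to confirm with the pilot group.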

Availability

  • Enterprise Plan: Included (all protocols, multi-IdP, directory sync)
  • Professional Plan: SAML and OIDC SSO included; directory sync and advanced features available as add-on

Last Reviewed: 2026-02-23