Skip to main content
Enterprise Knowledge (EK) supports SAML 2.0 Single Sign-On (SSO) for on-premise deployments, allowing your users to authenticate through your organization’s existing Identity Provider (IdP) instead of managing a separate set of credentials.

Why Set Up SSO

  • Centralized authentication — users sign in once through your corporate IdP and get access to EK without a separate login.
  • Easier access management — provisioning and deprovisioning happens at the IdP level. When someone leaves the organization, revoking their IdP access immediately cuts off EK access too.
  • Consistent security policy — MFA, conditional access, and session policies you’ve configured in your IdP apply automatically to EK sign-ins.
  • Reduced credential overhead — no EK-specific passwords to manage, reset, or rotate.

How EK Implements SSO

EK acts as a SAML 2.0 Service Provider (SP). It publishes SP metadata that your IdP consumes to establish trust, and it accepts SAML assertions from your IdP to authenticate users. SSO is keyed by email domain — once you register a domain, any user whose email belongs to that domain is routed through your IdP at sign-in. All configuration happens through the Super Admin Dashboard → SSO Metadata tab or via API. No code changes or vendor-side deployment work is required.

Choosing Your Setup Path

EK supports two setup paths depending on your IdP.

Generic IdP Setup

Recommended for most organizations.Works with any standards-compliant SAML 2.0 IdP — Okta, Azure AD / Entra ID, Ping, ADFS, OneLogin, Auth0, Keycloak, Google Workspace, and others. Configuration is done entirely through the Super Admin Dashboard.Use this path if your IdP isn’t Okta or Azure AD, or if you prefer the dashboard-based workflow regardless of your IdP.

Provider-Specific Setup

For Okta and Azure AD deployments.Walks through the exact screens, field values, and attribute mappings for each provider. Includes both the dashboard and API-based registration options, plus frontend configuration steps.Use this path if you’re setting up Okta or Azure AD and want step-by-step provider-specific guidance.

What’s in Each Path

  1. SAML SSO in EK — How It Works — Conceptual overview of the SAML trust exchange, SSO modes, and the browser-level redirect chain.
  2. SSO Metadata Setup Guide — Step-by-step instructions for sharing SP metadata with your IdP and uploading IdP metadata to EK.
  3. SSO Troubleshooting & Reference — Permissions, quick reference URLs, and solutions to common SSO issues.
  4. SP Metadata Endpoint — Technical reference for the EK SP metadata endpoint, including the full XML response format and related environment variables.
  1. Setting Up Okta for EK SSO — SAML settings, attribute statements, metadata retrieval, domain registration, and frontend configuration for Okta.
  2. Setting Up Azure AD for EK SSO — SAML settings, attributes and claims, metadata retrieval, domain registration, and frontend configuration for Azure AD / Entra ID.

Not Sure Where to Start?

If you’re new to SSO in EK, the SAML SSO in EK — How It Works article is the best place to begin regardless of which setup path you take. It explains the two-hostname model, the SSO modes, and the full browser redirect chain — context that will make the setup steps easier to follow.