Enabling Single Sign-On (SSO) for Knowby via Generic OpenID Connect (OIDC)
This guide is for organisations that use a custom or generic OIDC-compliant Identity Provider (IdP), such as Okta, Auth0, PingFederate, or Keycloak. By following these steps, you will create a secure connection that allows your team to log in to Knowby using their existing company credentials.
Step 1: Register Knowby in your Identity Provider
Log in to your Identity Provider’s admin console and register Knowby as a new Web Application. Use the following settings during registration:
-
Application Type: Web Application.
-
Grant Type: Authorisation Code (standard for OIDC).
-
Sign-in Redirect URIs: You must add both of the following authorised callbacks to your configuration:
-
https://auth.knowby.one/__/auth/handler -
https://knowby-pro.firebaseapp.com/__/auth/handler
-
-
Scopes: Ensure the application is authorised to request the following standard scopes:
-
openid(Required for authentication). -
profile(To display the user's name). -
email(To identify the user).
-
Step 2: Collect your Integration Details
After registering the app, you will need to retrieve the following technical values to provide to the Knowby team:
| Technical Field | Description | Example |
| Issuer URL | The unique "home" URL of your Identity Provider. | https://sso.yourcompany.com |
| Discovery URL | The metadata endpoint (usually the Issuer URL + /.well-known/openid-configuration). |
https://sso.yourcompany.com/.well-known/openid-configuration |
| Client ID | The unique public identifier for Knowby in your system. | 0oa1abc2def3ghi4j5k6 |
| Client Secret | The secure key used to verify the connection. | ABCD-1234-EFGH-5678 |
Step 3: Submit your Integration Request
To complete your setup, please provide the details gathered in Step 2 through our secure SSO onboarding form.
[Open Secure SSO Onboarding Form]
Note: For security reasons, please do not send Client Secrets via standard email. Use the secure form above, which will automatically raise a setup ticket with our engineering team.
Technical Note for Admins
Knowby utilises the standard OpenID Connect Discovery protocol. If your IdP supports it, providing just the Discovery URL allows our system to automatically fetch your authorisation, token, and userinfo endpoints, reducing the risk of manual entry errors.