SSO Access & Knock

Passwords? Who needs them! Knock's SSO will allow teams to sign into their account seamlessly through your current login client, or through Knock's SSO API!


Single sign-on is an authentication practice that allows a user to log in with a single ID and password to any of several related, yet independent, software systems. True single sign-on allows the user to log in once and access services without re-entering authentication factors. Knock SSO is enabled across the Dashboard, Analytics, and our iOS app.


So why use SSO? Here are a few key benefits of utilizing this entry method:

  • Increased Security: by using SSO client's will be able to minimize the need to remember passwords or avoid the same password for multiple sites, which is a major security risk!

  • Ease of Access: by using SSO you will be able to breeze from online application to application, including Knock. Login to see your personal page, update your own account details and set up your profile all without having to fumble through switching accounts or looking up your logins!

What Identity Providers does Knock's SSO support?

Knock's integrated with all of the major Identity providers through our use of AWS Cognito, this includes the below list:

  • Anything that supports a SAML 2.0 integration, which is almost all Identity Providers, e.g. Active Directory, Okta, OneLogin, Idaptive, etc...

  • Facebook

  • Google

  • Login with Amazon

  • Sign in with Apple

  • OpenID Connect

How Do I Set it up? Implementation Options Include:

  • Link by Email - agents are added to the Identity Provider (e.g. Active Directory) and to Knock (via the Admin UI) with the same email address. The agent accounts flow over via a SAML integration and are then linked by the common email address.

  • Leasing Teams Provided by Identity Provider - The client places a comma-separated list of leasing teams into a custom field in their Identity Provider (e.g. Active Directory). The agent accounts flow over via a SAML integration.

  • Knock SSO API - The client calls Knock's custom SSO API to create, update and disable agents. When logging in via the Identity Provider (e.g. Active Directory), Knock uses a SAML integration to link the Identity Provider's user with an agent in Knock based on the user's unique id found in the Identity Provider.


Important caveats to remember:

While this feature is accessible for users in the Knock account, it will not be applicable to Admin users at the moment. Likewise, once a user makes the shift to SSO they will need to use that access method each time moving forward - there will be no option to use their own Knock login. However, if they do need to login the traditional way their HOUSE (Property) logins will still work. As a note, please keep in mind that House accounts will never be able to utilize Knock SSO for this reason.

Was this article helpful?
0 out of 0 found this helpful



Article is closed for comments.

Articles in this section