New Feature: Advanced SSO

06/23/2015 Posted by Brandon

We’ve released new features for advanced Single Sign-Ons, or SSO.

Our basic SSO options have been a big success – these allow users to log into Knack apps using other common accounts they already have with Google, Twitter, and Facebook:

We’ve added additional advanced SSO options so you can create additional login options.

Here’s how it works: there are two common login technologies (oAuth and SAML) used for authenticating logins. You can add any custom login that uses one of these two.

For example, you could add logins using SalesForce or LinkedIn with oAuth. SAML enables more enterprise configurations like Shibboleth and Active Directory.

Adding a custom login

To add a custom login you can use the “add a custom SSO provider” link in the Login view’s “Options” tab:

You’ll be guided through configuring the login with the right options. There’s a lot of options to configure so you may need a developer to help get them all correct.

You can also customize the login button with a color and logo. Here’s a customized LinkedIn login button:

Domain Limiting

In addition to adding new login options, both the Google and OpenID SSO providers have an option to enforce domain restrictions. This means that you can provide a domain to restrict authorization to. Only accounts with emails from that domain will be authorized.

For example, by entering “” with a Google SSO, only Google accounts with an email address using will be authorized.

Learning more

You can find the full details in our support article on logins:

We also added a recipe to our cookbook for adding a LinkedIn login:

Pricing Note: these advanced features are available on Corporate plans and above, or with an add-on to the Pro plan.