Before you get started, you'll want to make sure that everyone on your team needing access to Kolide has an account with your SSO provider - SAML/SSO  authentication in Kolide is currently all-or-nothing, so it's important to make sure you aren't inadvertently locking someone out of Kolide!
To get started, you'll want to sign in to your Kolide account, and select your avatar on the top right corner, and click "Settings".

In the left hand menu, check out your "Security & Privacy" page to view your current sign in method. 

You will have one of the three Allowed Authentication Methods available, but you will also see that SAML-based Single Sign On is present, but not yet available. To enable this, you will need to "Configure SAML First".

This will take you to the "SAML / SSO" page (please note, you can navigate to this directly, but we wanted to show you this selection page first!).

Keep this page open, as you will need this information to integrate with your SSO provider!

Instructions for Okta

Log in to your Okta account.
Select "Applications", click the green button that says "Add Application", and then click "Create New App".

Be sure to make sure the Platform field says "Web", and select the Sign on method to indicate SAML 2.0.

Next, type in "Kolide", or whatever unique identifier you want for the app, into the "App name" field. You can pretty this up by adding our logo, which can be found here:

Once you click Next, you will need to copy and paste your unique Kolide SSO URL into the Single sign on URL field, and your Kolide Issuer URL into the Audience URI (SP Entity ID).
Use the dropdown menus to propagate "EmailAddress" in the Name ID format field, and "Email" in the Application username field.

This will take you to an optional Feedback page. You can certainly fill this out, or click "Finish".

This will take you to the new Application page. Click on the "View Setup Instructions". 

This will take you to the configuration page, where you will need to copy the unique URLs from into your Kolide setup page.

Item 1 should be pasted in the IDP SSO TARGET URL field, and the "X,506 Certificate" should be copied and pasted into the designated X,506 CERTIFICATE field in Kolide.

Hooray! This is now configured! 

But wait. There's more! You now have to go to your Security & Privacy page to enforce SAML / SSO. 

Click "Save Changes", which will now make other sign in methods inaccessible. 

Your team will see a message in their inbox letting them know of this change. 

Now, when your team signs in, they will see this:

BOOM! Now you're all set! Now get cracking :)

Did this answer your question?