Configuring a new Knack App with certificates

How to set up SSO in Knack for the first time

Last updated 3 days ago

Log into the City's ServiceNow Portal and create a request indicating that you want to create a Knack application in Microsoft Entra, and assign it to the ESA (Enterprise Systems Administration) group. Make sure to list yourself and/or team members as Configuration Owners so you can set up SSO in Entra.

Create a login enabled Knack page if one has not yet been made.

Then, navigate to the login page Settings in the Knack builder by selecting the pencil icon on the login form.

Select the Add Provider button.

An Add Credentials modal will appear. Select SAML 1.1 or 2.0 as the Provider Type.

Enter COACD as the Provider Name.

We use custom buttons for our logins, but if your app does not, the button and font colors below are the standard colors.

Provider Name: COACD

Button Color: #163f6e

Button Font Color: #ffffff

Next, enter the Provider Settings. The Provider Entry Point should remain the same for all apps unless something changes with Azure Active Directory. It can be confirmed with CTM or found in the metadata file, in the Location attribute of the <SingleSignOnService> tag: https://login.microsoftonline.com/5c5e19f6-a6ab-4b45-b1d0-be4608a9a67f/saml2

The Issuer uniquely identifies your app and cannot change once set, since CTM uses it to name the app instance in Entra. If it has to change in the future, the app instance must be recreated in Microsoft Entra. The Issuer is atd.knack.com/ followed by your app-name.

Leave the Identity Provider's certificate and Private signing certificate boxes empty. As of Mar 2025, the IP Cert is now required by Knack. To get past this step, paste a formatted cert in this box so you can save and download the metadata file. Do not use an existing app's IP Cert. Instead, temporarily enter the formatted Decryption Private Cert from 1Password until it can be replaced with the real IP Cert from Microsoft Entra.

Locate our self-signed SSL certificates in 1Password as Self-Signed x509 SSL Certificates for SAML/ADFS.

Our Self-Signed certs are listed under the valid date range and show Valid From and Valid To dates.

The Logout URL can be left blank until it is needed, if applicable to your app.

Authentication Context will be the same for all apps: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

As of 2024, the Authentication Context no longer applies; leave it as None.

ID Property and Email Property will be identical, and the same for all apps, since users sign into our Knack apps with their email as their identity: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

First Name Property and Last Name Property will be left blank since they are not necessary.

Select Save to save all changes.

Now that the Provider has been created and saved, download the metadata file for the SSO by selecting the download button.

This will open in a browser tab. Save it as an XML file so it can be uploaded to Microsoft Entra. Follow the Microsoft Entra documentation in the Apps Team Wiki for further guidance on setting up an app in Entra.

Microsoft Entra Admin Console

Set "Assignment Required?" to "No".

Navigate back to the custom SSO provider setup form in the Knack builder.

In the MS Entra metadata file, find the Identity Provider certificate under the Signature tag, then the KeyInfo tag, then the X509Certificate tag.

Click the "Format X.509 Certificate" button, then copy the contents of the output box labeled "X.509 cert with header".

Go back to the login page Settings in the Knack builder for the application you're configuring. Paste the formatted certificate into the Identity Provider's certificate field in the Knack login config, removing the asterisks and any additional spaces.

Be sure to Save changes.

You are nearly finished! You must enable the SSO on each login page (point of entry) by selecting the checkbox.

The final step is to save the Identity Provider's Certificate (formatted X.509 with headers) in 1Password on the Knack ADFS X.509 Identity Provider Certificates record.

Locate the document in 1Password in the Knack Shared folder. Select Edit and make a new entry for the new Knack app. Enter the app name, set the field as a password, paste the certificate, and add the IP Cert label. Lastly, Save.

Select Copy for the Decryption Private Key and paste it in the Decryption private certificate box. Do the same for the Decryption Public Key and paste it in the Decryption public certificate box. These certificates have already been formatted with headers with the Private Key formatter and the X509 Formatter.

When app configuration for an app in Entra is complete, download the Federation Metadata XML file.

Copy and paste the contents of the X509Certificate tag into the X509 Formatter.
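The metadata lookups described above can also be done locally. This is an added example, not part of the original page or of Knack's or Microsoft's tooling: a Python function that reads a federation metadata XML document and returns the SingleSignOnService Location values, the X509Certificate wrapped in PEM headers at 64 characters per line, and a SHA-256 fingerprint for comparing against the copy saved in 1Password. The function name, the sample XML, the placeholder certificate bytes and the URL are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}


def read_idp_metadata(xml_text):
    """Pull the entry point(s) and the signing certificate out of IdP metadata."""
    root = ET.fromstring(xml_text)
    # Certificate path from the steps above: Signature > KeyInfo > X509Certificate.
    node = root.find("ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("no X509Certificate found under Signature/KeyInfo")
    b64 = "".join(node.text.split())            # drop line breaks and spaces
    der = base64.b64decode(b64, validate=True)  # raises on asterisks or other junk
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    pem = "\n".join(["-----BEGIN CERTIFICATE-----", *body, "-----END CERTIFICATE-----"])
    # Provider Entry Point: Location attribute of each SingleSignOnService element.
    locations = [el.get("Location") for el in
                 root.iterfind("md:IDPSSODescriptor/md:SingleSignOnService", NS)]
    return {"entry_points": list(dict.fromkeys(locations)),  # de-duplicated, in order
            "pem": pem,
            "sha256": hashlib.sha256(der).hexdigest()}


# Constructed sample input: placeholder bytes and URL, not a real certificate or tenant.
FAKE_DER = b"constructed placeholder bytes, not a real certificate " * 3
SAMPLE_B64 = base64.b64encode(FAKE_DER).decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><KeyInfo><X509Data>
    <X509Certificate>
      {SAMPLE_B64[:100]}
      {SAMPLE_B64[100:]}
    </X509Certificate></X509Data></KeyInfo></Signature>
  <IDPSSODescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.example.invalid/TENANT-ID/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.example.invalid/TENANT-ID/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    info = read_idp_metadata(SAMPLE_METADATA)
    print(info["entry_points"])
    print(info["sha256"])
    print(info["pem"])
```
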

You may also want to confirm you have the JS & CSS necessary to render the SSO buttons properly.

Make sure that "Assignment required" is set to "No", else it won't work!