Learn how to configure and manage SSO
Team Members have two options for logging into the Kandji Web App: Standard Authentication and Single Sign-On (SSO). By default, Standard Authentication is activated for all tenants, offering login through Google, Microsoft, and email/password. Admins have the option to enable SSO using either native integrations or Custom SAML. Once an SSO setup is complete, Standard Authentication can be turned off, allowing SSO to be the only login method. SSO can also be used for Require Authentication in the Automated Device Enrollment Library Item. To learn more about requiring authentication during enrollment, see this support article.
SSO Connection Types
Kandji currently supports the following Single Sign-On connection types. Click on one of the following connection types to learn how it can be configured.
- Single Sign-On with Microsoft Entra ID (Native)
- Single Sign-On with Microsoft Entra ID (SAML)
- Single Sign-On with Google Workspace (Native)
- Single Sign-On with Google Workspace (SAML)
- Single Sign-On with Okta (SAML)
- Single Sign-On with JumpCloud (SAML)
- Single Sign-On with OneLogin (SAML)
- Custom SAML-based Single Sign-On
Enable and Manage a Connection
You can enable the connection once you have configured an SSO connection in both Kandji and your identity provider (IdP).
- Click the ellipsis next to the connection name.
- Click Enable from the menu. Connections can also be re-configured, deleted, and disabled from this menu.
Considerations
- An SSO connection does not need to be Active to be used for Require Authentication during Device Enrollment.
- A connection should only be Active in Settings if you want to authenticate Kandji administrators to the web app with that connection.
- Authentication to the Kandji Web App using SSO requires that the user has been invited as a Team Member.
Enforcing Single Sign-On
Once you have configured at least one Single Sign-On connection, you can disable the Kandji Standard Authentication connection. Disabling Kandji Standard Authentication prevents Kandji administrators in your tenant from authenticating via Google or Microsoft social logins or via email/password.
Before disabling Kandji Standard Authentication, ensure your SSO connection is functioning correctly. We suggest verifying this by using a private browser window.
- Navigate to the Settings page.
- Click the Access tab and find the Authentication section.
- Click the ellipsis next to Standard Authentication.
- Click the Disable option.
- A confirmation modal will open.
- Click Disable.
If you lose access to your Kandji tenant via SSO and need to have Standard Authentication re-enabled, please contact Kandji support.
Disabling or Deleting the Single Sign-On Connection
If you decide to stop using SSO, you can delete or disable a connection using the same ellipsis menu used to enable it. When you delete or disable your last Single Sign-On connection, Kandji Standard Authentication will automatically be re-enabled to prevent tenant lockout.