Edit

Microsoft Entra SSO integration with Kno2fy

  • Article

In this article, you learn how to integrate Kno2fy with Microsoft Entra ID. Kno2fy empowers healthcare organizations to send, receive, and find patient information across the healthcare ecosystem with just a few quick clicks. When you integrate Kno2fy with Microsoft Entra ID, you can:

  • Control in Microsoft Entra ID who has access to Kno2fy.
  • Enable your users to be automatically signed-in to Kno2fy with their Microsoft Entra accounts.
  • Manage your accounts in one central location.

You'll configure and test Microsoft Entra single sign-on for Kno2fy in a test environment. Kno2fy supports only SP initiated single sign-on.

Note

Identifier of this application is a fixed string value so only one instance can be configured in one tenant.

Prerequisites

To integrate Microsoft Entra ID with Kno2fy, you need:

  • A Microsoft Entra user account. If you don't already have one, you can Create an account for free.
  • One of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
  • A Microsoft Entra subscription. If you don't have a subscription, you can get a free account.
  • Kno2fy single sign-on (SSO) enabled subscription.

Add application and assign a test user

Before you begin the process of configuring single sign-on, you need to add the Kno2fy application from the Microsoft Entra gallery. You need a test user account to assign to the application and test the single sign-on configuration.

Add Kno2fy from the Microsoft Entra application gallery to configure single sign-on with Kno2fy. For more information on how to add application from the gallery, see the Quickstart: Add application from the gallery.

Create and assign Microsoft Entra test user

Follow the guidelines in the create and assign a user account article to create a test user account called B.Simon.

Alternatively, you can also use the Enterprise App Configuration Wizard. In this wizard, you can add an application to your tenant, add users/groups to the app, and assign roles. The wizard also provides a link to the single sign-on configuration pane. Learn more about Microsoft 365 wizards..

Access Microsoft Entra information in Kno2fy

  1. Login to https://kno2fy.com as a Network Administrator.
  2. Click the settings gear in the right-hand corner at the top of the screen.
  3. Under Network, Click Identity Provider.
  4. In the dropdown, Select Microsoft Entra ID.
  5. Continue setup in Configure Microsoft Entra SSO section below.

Kno2fy will display the information needed to setup the Basic SAML Configuration

Screenshot of Microsoft Entra Saml Setup Information.

Configure Microsoft Entra SSO

Complete the following steps to enable Microsoft Entra single sign-on.

  1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.

  2. Browse to Identity > Applications > Enterprise applications > Kno2fy > Single sign-on.

  3. On the Select a single sign-on method page, select SAML.

  4. On the Set up single sign-on with SAML page, select the pencil icon for Basic SAML Configuration to edit the settings.

    Screenshot shows how to edit Basic SAML Configuration.

    To access the information to setup Basic SAML Configuration review the Microsoft Entra Information Section above.

  5. On the Basic SAML Configuration section, perform the following steps:

    a. In the Identifier textbox, paste the value from: Identifier (Entity ID)

    b. In the Reply URL textbox, paste the URL from: Reply URL (Assertion Consumer Service URL)

    c. In the Sign on URL textbox:

    Note

    This value will appear once the Kno2fy Identity Provider has been saved. For now leave it blank.

  6. Save the Basic SAML Configuration section.

  7. Scroll down and copy the App Federation Metadata URL generated.

  8. Continue setup in the Configure Kno2fy SSO section

Configure Kno2fy SSO

  1. Paste the App Federation Metadata URL from Microsoft Entra ID SSO setup into the App Federation Metadata URL field inside Kno2fy.

  2. In the Authentication Settings, login without SSO will be off by default.

    To allow time to conduct a login test, the Allow non-admins to bypass SSO and login with a Kno2 username and password setting can be enabled temporarily. It is recommended this setting remain off once SSO is fully enabled and setup.

  3. Click the Save button to complete the setup.

Once complete, an SSO Integration Activated banner will appear at the top of the screen. Copy the URL and paste the URL into the Sign on URL section of the Basic SAML Configuration Configure Microsoft Entra SSO

Create Kno2fy test user

In this section, you create a user called Britta Simon at Kno2fy. Work with Kno2fy support team to add the users in the Kno2fy platform. Users must be created and activated before you use single sign-on.

Test SSO

In this section, you test your Microsoft Entra single sign-on configuration with following options.

  • Click on Test this application, this will redirect to Kno2fy Sign-on URL where you can initiate the login flow.

  • Go to Kno2fy Sign-on URL directly and initiate the login flow from there.

  • You can use Microsoft My Apps. When you select the Kno2fy tile in the My Apps, this will redirect to Kno2fy Sign-on URL. For more information, see Microsoft Entra My Apps.

Additional resources

Next steps

Once you configure Kno2fy you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. Learn how to enforce session control with Microsoft Cloud App Security.