Connection overview
Last updated June 26th, 2024
You can connect Knox Manage to various third-party directory and identity provider services that manage enterprise employee authentication and employee information, such as user IDs. This enables sync of required information between Knox Manage and the enterprise directories, and also helps authenticate users when they sign in to enrolled devices.
Depending on your enterprise’s directory services and the user types defined by your identity providers, you can configure various settings for sync and authentication. The following table provides information about the directory integrations supported by Knox Manage.
Supported IDPs | Supported sync | Supported protocol | Support for MFA | Description |
---|---|---|---|---|
Knox Manage server | N/A | N/A | N/A | Click User in the Knox Manage console and manually add users |
On-premises AD | | | N/A | |
Microsoft Entra Domain Services | | | N/A | For user data sync, set LDAPS server as Microsoft Entra Domain Service. For details, see Connect to AD/LDAP. |
Microsoft Entra ID (Graph API) | | | Yes | For user data sync and authorization, connect to Microsoft Entra ID by integrating with Microsoft Graph API. For details, see Connect to Microsoft Entra ID. |
Okta (SCIM) | | | Yes | For user sync, SCIM provisioning setting is required. For user authorization, OIDC authentication setting is required. For details, see Connect to Okta. |
Ping Identity (SCIM) | | | Yes | For user sync, SCIM provisioning setting is required. For user authorization, OIDC authentication setting is required. For details, see Connect to Ping Identity. |
Consider the following while setting up your integrations:
- OIDC-based IDP direct authentication is newly supported in modern IDPs, such as Microsoft Entra ID, Okta, and Ping Identity.
  - Okta and Ping Identity require additional OIDC settings to support IDP direct authentication and MFA.
  - For Microsoft Entra ID, OIDC authentication is covered under the Microsoft Entra ID integration settings, and additional settings are not required.
- Multi-factor authentication (MFA), supported in the modern IDPs Microsoft Entra ID, Okta, and Ping Identity, is set directly in each IDP server. Knox Manage follows the MFA set in the IDP server.
- Knox Manage also provides a custom connection option for the following cases:
  - Your enterprise’s directory services are not included in the table.
  - You want to customize the protocol used for user sync and authentication.

  For details, see Add a custom OIDC connection, Add a custom SCIM connection, Add a custom LDAP connection.