Today’s release of SSO unlocks the ability to enforce specific auth workflows for Kandji admins logging into the Kandji web app, simplifying password management and enforcing secure access for admins managing your devices with Kandji.
This release supports three primary frameworks:
- Google Workspace
- Office 365 / Azure Active Directory
- SAML: A common framework in identity management that allows you to set up custom connections with other providers
Once an SSO connection is configured and established, you can choose to enforce authentication through your SSO provider by hiding the existing social login buttons and the email/password option, giving the admin only a single, secure method for signing in (this is optional, not required).
We took a unique approach to our implementation of SAML by enabling an unlimited number of SAML connections. We’ve heard from customers that this will enable you to support partners, managed service providers, or more complex environments without having to limit sign-in options.
We also support advanced SAML functions such as Single Logout (SLO), a more robust security measure which will log users out of their IdP if they log out of Kandji. We also support encrypted SAML assertions and IdP or SP initiated authentication flows.
Future versions will support pre-built connections with other providers such as Okta, OneLogin, and more. This release of SSO is also laying the groundwork to support Enrollment Customization.
Note: SSO is available upon request only, so please reach out to us if you’re interested. It will be included at no additional cost for customers in the 500 device tier and above. It will be available as an add-on for customers in lower tiers at $150/month, billed annually. See our pricing page for details.
For more information, read our SSO knowledge base article.