Home
Documentation
Start typing to search…
  1. USERS & LIVE APP ACCESS
  2. User Roles and Permissions
  3. Protected Pages Overview

How to Set Up Single Sign-On for Protected Pages

Enable Google Single Sign-On (SSO) for your Knack protected pages so users can log in with their existing Google accounts.

Goal

Use this guide when you want to allow users to log in to your protected pages using their existing Google accounts instead of creating separate username and password credentials. For example, enabling Google SSO for a team collaboration app where all users have Google Workspace accounts, or offering social login options for a community platform to reduce registration friction.

Prerequisites

  • You must have a protected page already created (see How to Create a Login-Protected Page)
  • You must have access to the Builder to modify page settings
  • Users must have Google accounts to use this authentication method

Understanding Single Sign-On

Single Sign-On (SSO) allows users to authenticate using their existing accounts from trusted identity providers (like Google) instead of creating and managing separate credentials for your Knack app. Benefits include:

  • Improved user experience: Users don't need to remember another username and password
  • Faster onboarding: Users can access your app immediately using their existing Google account
  • Enhanced security: Leverages Google's authentication infrastructure and security features
  • Reduced support burden: Fewer password reset requests and login issues

Knack currently supports Google SSO integration for protected pages. When enabled, users can choose to log in with their Google account or use traditional email and password authentication.

Step-by-Step Instructions

Enabling Google SSO for a Protected Page

  1. Navigate to the Pages section in the Builder.
  2. Click on the protected page where you want to enable SSO.
  3. Click the Access tab in the page settings panel.
  4. Locate the Single Sign-On section (this appears after you've configured basic page protection settings).
  5. Click the Add Google SSO button or toggle.
  6. A configuration dialog will appear. Follow the on-screen instructions to complete the Google SSO setup. You may need to authorize Knack to connect with Google's authentication services and configure which Google accounts can access your app (any Google account, or specific domains).
  7. Click Save to enable Google SSO for this protected page.

Configuring SSO Access Restrictions

After enabling Google SSO, you can configure additional restrictions:

  1. In the Access tab, locate the Google SSO settings.
  2. Choose your access level: Any Google account allows any user with a Google account to log in. Specific Google Workspace domain restricts access to users with email addresses from your organization's domain (e.g., @yourcompany.com).
  3. If using domain restrictions, enter your Google Workspace domain.
  4. Click Save to apply the restrictions.
📘

Domain restrictions for internal apps

Domain restrictions are particularly useful for internal business applications where you want to ensure only employees can access the app.

Testing Google SSO

To verify that Google SSO is working correctly:

  1. Click Preview in the top-right corner to open your Live App.
  2. Navigate to the protected page. You should see a login screen with both traditional email/password fields and a "Sign in with Google" button.
  3. Click the Sign in with Google button.
  4. You'll be redirected to Google's authentication page.
  5. Sign in with a Google account (or select an account if already logged in to Google).
  6. You'll be redirected back to your Knack app and should now have access to the protected page.
  7. If access is not working as expected, return to the Access tab and verify your SSO configuration.

Managing Users Who Log In with Google SSO

When users log in via Google SSO for the first time:

  1. Knack automatically creates a user record in your user role table.
  2. The user's email address from their Google account is used as their identifier.
  3. Navigate to the Data section and select your user role table to see these automatically created user records.
  4. You can edit these records to assign additional roles or permissions, add custom field data (name, department, etc.), and update their status or access level.

Disabling Google SSO

If you need to remove Google SSO access:

  1. Navigate to the Pages section and click on the protected page.
  2. Click the Access tab.
  3. Locate the Google SSO settings.
  4. Click Remove Google SSO or toggle it off.
  5. Click Save to apply the changes.
⚠️

Users will need new credentials

Users who previously logged in with Google SSO will need to use the password reset process to set up traditional email/password credentials if SSO is disabled.

SSO Configuration Considerations

Maintaining Multiple Authentication Methods

Google SSO works alongside traditional email and password authentication, giving users the choice of which method they prefer. For critical applications, consider maintaining both options to ensure users always have a way to access necessary content if Google services experience outages.

Account Linking

If a user first registers with an email/password and later tries to log in with Google SSO using the same email address, Knack will recognize this as the same user and link the accounts. User data and permissions remain consistent regardless of which authentication method they use.

SSO and User Access Control

SSO authentication works seamlessly with role-based access control. When users log in via Google SSO, they are still subject to the same role and permission restrictions as users who log in with traditional credentials. Ensure that users logging in via SSO are assigned to the appropriate roles.

Security Considerations

When implementing SSO, keep in mind that user access is tied to their Google account status. If users lose access to their Google accounts, they won't be able to log in through SSO.

Best practices include maintaining traditional authentication as a backup option, regularly reviewing which users have SSO access, using domain restrictions for internal business applications, and monitoring login activity for unusual patterns.

Common Use Cases

Google Workspace Organizations: Enable SSO with domain restrictions (@yourcompany.com). Employees can access internal apps using their work Google accounts with no need to manage separate credentials.

Public-Facing Community Platforms: Enable SSO for any Google account. Reduces registration friction so new users can get started immediately without creating new credentials.

Educational Applications: Enable SSO with domain restrictions for students and faculty. Leverages existing school Google Workspace accounts and simplifies access management for administrators.

Next Steps

Updated about 2 hours ago