Hello hello!Posting some newly released features here in case you missed the release notes today. I know the Auto-Link to first page has been a pain point for Classic users when switching to Next-Gen, and Advanced SSO is no longer a blocker for moving! 
New: Enhanced Single Sign-On (SSO) Capabilities
We’re excited to announce significant enhancements to our Single Sign-On (SSO) functionality in Next-Gen, designed to provide security, flexibility, and a more seamless login experience for your users. This release introduces comprehensive support for both SAML and OAuth authentication protocols for eligible account types, alongside new advanced SSO configuration options for login pages.
What You Can Do
For supported plan types (Corporate & above, or with the SSO add-on), Next-Gen now robustly supports integrating with your preferred Identity Providers (IdPs) through industry-standard protocols. This allows your users to access your Knack applications using their existing corporate credentials, eliminating the need for separate usernames and passwords.
SAML Single Sign-On
You can now configure SAML-based SSO to connect your Next-Gen Knack apps with major Identity Providers such as Okta, Azure AD, and others. When a user initiates a login, Knack acts as the Service Provider, redirecting the user to your IdP for authentication. Upon successful verification, the IdP sends a signed SAML assertion back to Knack, seamlessly logging the user in or creating a new account if it is their first visit.
The setup process involves exchanging configuration details between Knack and your IdP, including generating a metadata file in Knack and mapping user attributes to ensure accurate profile creation.
OAuth Single Sign-On
In addition to SAML, we have introduced comprehensive OAuth SSO support. While our documentation uses GitHub as an illustrative example, you can integrate with other OAuth identity providers. The configuration process generally involves registering an OAuth application within your chosen provider to generate the necessary Client ID and Client Secret, which are then configured within your Knack app’s SSO provider settings. When configuring your chosen provider, ensure that users’ email addresses are shared correctly during login to guarantee successful account matching and creation within Knack.
Advanced SSO Authentication Options
To provide app owners with granular control over the login experience and security posture, we have introduced new advanced SSO authentication modes. These settings are configured on a per-login-page basis, allowing you to tailor the access requirements to your specific needs.
Under the Access tab for any login page, you can now exclusively dictate the authentication methods available to users:
| Authentication Mode | Description |
|---|---|
| SSO Only | Enforces strict SSO authentication. Users must log in via the configured Identity Provider; traditional email and password logins are disabled for this page. |
| Email/Password or SSO | Offers flexibility by allowing users to choose between logging in with their traditional Knack email and password credentials or using the configured SSO provider. |
| Email/Password Only | Disables SSO for the specific login page, requiring users to authenticate using their Knack email and password. |
These new options empower you to enforce stricter security policies where necessary or provide flexible login pathways depending on the user base accessing a particular page.
Getting Started
To begin utilizing these new features, navigate to your app’s settings and explore the User Logins > Login Access section to add a new SSO Provider. For configuring the advanced authentication modes, access the settings of your specific login pages and navigate to the Access tab.
For detailed, step-by-step instructions on configuring SAML and OAuth SSO, please refer to our comprehensive documentation:
Implementing SAML Single Sign-On | Implementing OAuth Single Sign-On
New in Next-Gen: Auto-Link Toggle for Link Group Elements (Next-Gen)
What You Can Do
When your Link Group is set to the tabbed option, you can enable Auto-Link to automatically open the first link of the view when the page loads. This eliminates the experience of landing on an empty-looking page when a link group has no elements of its own. Users are taken directly to the first link’s content without having to click anything, while the menu remains visible as they navigate through any child pages.
To enable it, look for the toggle in your Link Group tab settings:
“Navigate to the first link automatically. Useful when all Links go to child pages of this page.”
The first link in the group determines whether the entire link group displays. If that first link is an external URL, opens in a new tab, or isn’t a child page, the link group may not render at all. To fix this, reorder your links so the first one is a child page that opens in the same tab.