When a client enables SSO (Single Sign-On) in Knotch One, they control who has access to the platform. Knotch does not receive a list of all authorized users from the client.
Here’s how access works:
The client manages access internally
Knotch only becomes aware of a user after they log in via SSO for the first time
At that point, we create a record for that user in our system
We can report on active users (i.e., those who have successfully logged in), but not on inactive or uninvited users
This model ensures that identity and permissions remain in full control of the client’s IT or security team.