Embedded Login Security Settings
Updated by Danielle Kellogg
When using logins on an embedded app, two settings are available for how user logins are managed: Cookies and Tokens. Each option gives your users a different login experience:
Cookies
- Users logging into your embedded app will be redirected to a consent screen to log in.
- White labeling, the option to conceal Knack’s name in the URL, is not available with this option.
Tokens
- Users logging into your embedded app will log in using the Knack login view.
- White labeling is available with this option, so Knack.com will not appear in the URL.
- This is less secure than using Cookies.
Embedded Login Options
There are two different types of login options, each with trade-offs to consider that will determine your users’ login experience.
Cookies
With the cookies login setting, the embedded app opens a new browser window to complete the authentication for the user logging in.
For this option, users logging into your embedded app will be redirected to a consent screen to log in. White labeling, the option to conceal Knack’s name in the URL, is not available with this option.
How does this option work?
When you log in to your Knack app, a text file with unique data called a cookie is stored in your browser. The data contained within that cookie is a unique identifier of you and your computer that tells the app what data to share specific to you. To put it another way, think of your browser as a pantry, where each website you visit has its own cookie jar. The cookie jar can have two classifications of cookies:
- First-Party Cookies are stored by the domain you’re visiting directly
- Third-Party Cookies are stored by domains other than the one you’re currently visiting
When you embed your Knack app into your website, your website is the first party, and the Knack app is considered a third party. It was common practice for third-party cookies to be stored in your website’s cookie jar. However, third-party cookies are also commonly used for traffic tracking and other advertising-related activities, so browsers have prevented this practice by default in a move towards improving privacy on the web.
To authenticate the user, a consent screen is now required so that our cookie is allowed to live in your website’s cookie jar. The consent screen must show the browser’s address bar and the domain must be the authenticating domain (Knack.com), so it cannot be white-labeled. This is the same experience you may already be used to if you log in to websites using a Google or Facebook account.
To use this option, select the Cookies option for the Embedded Login Security in the User Settings of your app.
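The first-party and third-party distinction described above, as an added example (not Knack's code): a simplified JavaScript model of when a browser attaches a cookie, showing why the login step happens in a window whose address bar shows Knack.com. The host www.example-shop.test, the cookie attributes, and the two-label "site" rule are assumptions for illustration.

```javascript
// Simplified model of browser cookie rules. Added example, not Knack code.
// Assumption: a "site" is approximated by the last two host labels; real
// browsers use the Public Suffix List.
function siteOf(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// A cookie is first-party when its site matches the site in the address bar.
function cookieParty(topLevelHost, cookieHost) {
  return siteOf(topLevelHost) === siteOf(cookieHost) ? 'first-party' : 'third-party';
}

// Decide whether the browser attaches `cookie` to a request made from a page
// whose address bar shows `topLevelHost`.
function cookieDecision(topLevelHost, cookie, browser) {
  const party = cookieParty(topLevelHost, cookie.host);
  if (party === 'first-party') {
    return { party, sent: true, reason: 'cookie site matches the address bar' };
  }
  // Assumption: a missing SameSite attribute is treated as Lax (Chromium behaviour).
  const sameSite = (cookie.sameSite || 'Lax').toLowerCase();
  if (sameSite !== 'none') {
    return { party, sent: false, reason: `SameSite=${sameSite} is withheld on cross-site requests` };
  }
  if (!cookie.secure) {
    return { party, sent: false, reason: 'SameSite=None is rejected without Secure' };
  }
  if (browser.blockThirdPartyCookies) {
    return { party, sent: false, reason: 'browser blocks third-party cookies' };
  }
  return { party, sent: true, reason: 'browser still allows third-party cookies' };
}

// Constructed sample values: the embedding site and cookie attributes are
// hypothetical; Knack.com is the authenticating domain named in the article.
const sessionCookie = { host: 'knack.com', sameSite: 'None', secure: true };
const strictBrowser = { blockThirdPartyCookies: true };

function demo() {
  return {
    embedded: cookieDecision('www.example-shop.test', sessionCookie, strictBrowser),
    consentWindow: cookieDecision('knack.com', sessionCookie, strictBrowser),
  };
}

console.log(demo());
```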
Tokens
With the tokens login setting, the embedded app uses a normal Knack login form. For this option, users logging into your embedded app will not be redirected to a consent screen to log in and can log in directly through the embedded app.
This option is less secure than using Cookies
How does this option work?
When you log in to a website, this option stores tokens in the browser. These tokens can then be used to authenticate the user logging into your app.
To use this option, select the Tokens option for the Embedded Login Security in the User Settings of your app.
Understanding Security Risks
We recommend only using this option if you have full control over every computer that could potentially access your app and can ensure they’re only using trusted browser extensions. For example, you could use the IP whitelisting option to ensure only users located at a specific IP address are accessing your app.
This option goes against security best practices because tokens can be prone to Cross-Site Request Forgery (CSRF). This makes it possible for a third party to gain access to the token value and log in using the user’s token without permission from the user. For example, an unwanted script could run on your page, scan your browser’s storage, copy the token value, and impersonate the user using the copied token value.