SAML for Rippling

Last modified on March 11, 2024

This guide describes how to use StrongDM’s Generic SAML identity provider integration with Rippling as the identity provider (IdP).

Prerequisites

  • Administrative access to a working Rippling account
  • Administrative access to your StrongDM organization

Provider Setup

  1. Create a custom app.
  2. Fill out the requested fields for the custom app.
  3. Copy the Metadata IDP URL to put into StrongDM later.
  4. Select SSO (SAML only).

StrongDM Setup

  1. In the StrongDM Admin UI, go to Settings > User Management.
  2. Under Single Sign-on, unlock the settings menu (Click to make changes), and then select Yes. For the Provider, select the SAML option.
    Fill in the Metadata URL and Copy StrongDM Info
  3. Copy the values provided for Entity ID and ACS (Consumer) URL (or leave this page open). Copy the Metadata IDP URL from Rippling and paste it into the Metadata URL field in the Admin UI.
  4. For Allow IDP Initiated Authentication, click Yes.
  5. For Allow password login for admins, click Yes to prevent accidentally locking out your admins.
  6. Click Save.

Complete Provider Setup

  1. Return to the Rippling custom app.
    Fill in StrongDM Information in the Rippling Custom App
  2. Leave the Metadata URL blank.
  3. Fill in the Entity ID with the corresponding value copied from StrongDM’s Admin UI.
  4. Fill in the ACS (Consumer) URL with the corresponding value copied from StrongDM’s Admin UI.
  5. Click Move to Next Step.
  6. Select I will manually select who should get access.
    Select Users to Get SSO Access to StrongDM
  7. Leave the defaults selected on the following screens until you reach the Rippling connection test, which should be unavailable because access is assigned manually.
  8. Click Visit the App.
  9. Select the StrongDM app you just created.
  10. Navigate to Settings.
  11. Select the SAML Attributes tab.
  12. Click Create New.
    Configure a SAML Attribute to Include
  13. Create a Global Attribute with “Email” as the Name and “User’s email address” as the Value.
  14. Navigate to the Overview and grant access to accounts that exist in StrongDM.
  15. The single sign-on tile for StrongDM should now be in the home bar for Rippling.
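
To confirm that the values entered above line up, you can inspect a decoded SAML response from a test login. The following is an added example, not code from StrongDM or Rippling: the Entity ID, ACS URL, email address and sample XML are constructed placeholders, and the function name check_response is hypothetical. It compares fields only and does not validate the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed placeholders: substitute the Entity ID and ACS (Consumer) URL
# shown in your StrongDM Admin UI.
ENTITY_ID = "https://sp.example.invalid/entity"
ACS_URL = "https://sp.example.invalid/acs"

# Constructed, unsigned sample of a decoded SAML response (not real IdP output).
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" Destination="{ACS_URL}">
 <a:Assertion>
  <a:Subject><a:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
   <a:SubjectConfirmationData Recipient="{ACS_URL}"/></a:SubjectConfirmation></a:Subject>
  <a:Conditions><a:AudienceRestriction>
   <a:Audience>{ENTITY_ID}</a:Audience></a:AudienceRestriction></a:Conditions>
  <a:AttributeStatement><a:Attribute Name="Email">
   <a:AttributeValue>alice@example.invalid</a:AttributeValue></a:Attribute></a:AttributeStatement>
 </a:Assertion>
</p:Response>"""

def check_response(xml_text, entity_id, acs_url):
    """Return a list of configuration problems; an empty list means the fields match."""
    root = ET.fromstring(xml_text)  # use a hardened parser (e.g. defusedxml) for untrusted input
    problems = []
    if root.get("Destination") not in (None, acs_url):
        problems.append("Destination does not match the ACS URL")
    audiences = [e.text.strip() for e in root.findall(".//a:Audience", NS) if e.text]
    if entity_id not in audiences:
        problems.append("Audience does not match the Entity ID")
    recipients = [e.get("Recipient") for e in root.findall(".//a:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append("Recipient does not match the ACS URL")
    emails = [v.text.strip() for v in root.findall(
        ".//a:Attribute[@Name='Email']/a:AttributeValue", NS) if v.text and v.text.strip()]
    if not emails:
        problems.append("Email attribute missing or empty")
    elif any("@" not in e for e in emails):
        problems.append("Email attribute is not an email address")
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE, ENTITY_ID, ACS_URL) or "all checks passed")
```

An "Email attribute missing or empty" result points back to step 13; an Audience or Recipient mismatch points to steps 3 and 4 of this section.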