Integrate with an identity provider and sign in with SAML SSO
Integrating Rapidr with your identity provider makes signing in simple and secure for your team.
Follow the steps in this article to configure your identity provider, and then either require SAML SSO (single sign-on) for all your teammates or offer it as one of your sign-in options.
Please note: SAML SSO is only available on certain Rapidr plans.
Configuring your identity provider
To enable SAML SSO, navigate to Company Settings > SAML SSO. You'll see a page with a few form fields like this:
Note: You must have permission to edit company settings to enable this.
The first thing you’ll see is the unique SAML URL for your company in the field labeled as "SAML Consumer URL". In the screenshot above, the value is https://saml.rapidr.io/auth/saml/feedback-432/consume.
You’ll need this URL to configure SAML SSO with your identity provider. If you set up SAML with the Rapidr Okta App or OneLogin, you need only the SAML Consumer URL. Otherwise, configure the following settings, where <SAML URL> is your SAML Consumer URL:
- Single Sign-On URL: <SAML URL>
- Recipient URL: <SAML URL>
- Audience restriction/Entity ID: <SAML URL>
- NameID: Email address
- Signed Assertions: Yes
- Signature Algorithm / Digest Algorithm: SHA256
- Mapped Attributes:
  - name (User's full name)
  - firstName (User's first name)
  - lastName (User's last name)
- Encryption: AES256_CBC with this certificate:
To integrate, you’ll also need to add the following information in Rapidr from your identity provider:
- Identity provider Single Sign-On URL
- Public certificate
Save these settings, and you'll start seeing "Sign in with SSO" as one of the options.
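The settings listed above can be checked against an assertion your identity provider emits before you roll SSO out. The following Python is an added example, not Rapidr's code: `check_assertion` and the sample assertion are illustrative, and it assumes you have the assertion in unencrypted form (for instance from an IdP's SAML preview). It inspects declared values only and does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = {"name", "firstName", "lastName"}  # the mapped attributes above

def check_assertion(xml_text, saml_url):
    """Return mismatches against the settings above; an empty list means OK."""
    a = ET.fromstring(xml_text)  # trusted input only: your own IdP's preview
    def attr(path, name):
        el = a.find(path, NS)
        return (el.get(name) or "") if el is not None else ""
    problems = []
    if a.find("ds:Signature", NS) is None:
        problems.append("assertion is not signed")
    else:
        info = "ds:Signature/ds:SignedInfo/"
        if not attr(info + "ds:SignatureMethod", "Algorithm").endswith("sha256"):
            problems.append("signature algorithm is not SHA256")
        if not attr(info + "ds:Reference/ds:DigestMethod", "Algorithm").endswith("sha256"):
            problems.append("digest algorithm is not SHA256")
    if attr("saml:Subject/saml:NameID", "Format") != EMAIL_FMT:
        problems.append("NameID format is not emailAddress")
    conf = "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData"
    if attr(conf, "Recipient") != saml_url:
        problems.append("Recipient does not match the SAML URL")
    aud = a.find("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    if aud is None or (aud.text or "").strip() != saml_url:
        problems.append("Audience does not match the SAML URL")
    present = {e.get("Name") for e in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    problems += [f"missing attribute: {n}" for n in sorted(REQUIRED_ATTRS - present)]
    return problems

# Constructed sample (not real IdP output): SHA-1 digest and no lastName attribute.
URL = "https://saml.rapidr.io/auth/saml/acme-123/consume"
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}">
<ds:Signature><ds:SignedInfo>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></ds:Reference>
</ds:SignedInfo></ds:Signature>
<saml:Subject><saml:NameID Format="{EMAIL_FMT}">jane@example.com</saml:NameID>
<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{URL}"/>
</saml:SubjectConfirmation></saml:Subject>
<saml:Conditions><saml:AudienceRestriction><saml:Audience>{URL}</saml:Audience>
</saml:AudienceRestriction></saml:Conditions>
<saml:AttributeStatement><saml:Attribute Name="name"/><saml:Attribute Name="firstName"/>
</saml:AttributeStatement></saml:Assertion>"""

if __name__ == "__main__":
    print("\n".join(check_assertion(SAMPLE, URL)))
```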
Additional steps to configure Okta
- Configure Issuer ID on Rapidr (required): To complete configuring SAML with Okta, you also need to provide us with the Application ID, which you can find in Okta as "Identity Provider Issuer".
  You can get the Identity Provider Issuer by opening the SAML setup instructions.
  Copy and paste the Identity Provider Issuer string into the Application ID field in Rapidr.
- Furnish Rapidr details on Okta (required): After installing Rapidr from Okta's Application Catalog, you need to configure it with your Rapidr account details. On the nav, go to "Sign-On" and click edit.
  Scroll down to "Advanced Sign-on settings", where you'll see a text field. Fill in your Rapidr information in the format subdomain-ID. If your Rapidr SAML consumer URL is https://saml.rapidr.io/auth/saml/acme-123/consume, you need to fill in acme-123.
- Hide application icon (optional) from users: Rapidr currently does not support IdP-initiated SAML flow. Please use the following setting to hide the app icon from your Dashboard.
FAQ
Supported features
- ✅ SP-initiated SSO (Single Sign-On)
Supported attributes
Attribute name | Data type | Description |
string | Email of the user |
If you hit any roadblocks while setting up SAML for your organization, please reach out to us on support!