Integrate with an identity provider and sign in with SAML SSO
Integrating Rapidr with your identity provider makes signing in simple and secure for your team.
Follow the steps in this article to configure your identity provider, to require SAML SSO (Single Sign On) from all your teammates, or offer it as one of your sign-in options.
Please note: SAML SSO is only available on certain Rapidr plans.
Configuring your identity provider
To enable SAML SSO, navigate to Company Settings > SAML SSO. You'll see a page with a few form fields like this:
Note: You must have permission to edit company settings to enable this.
The first thing you’ll see is the unique SAML URL for your company in the field labeled as "SAML Consumer URL". In the screenshot above, the value is https://saml.rapidr.io/auth/saml/feedback-432/consume.
You’ll need to include this to configure SAML SSO with your identity provider. If you set up SAML with Rapidr Okta App or OneLogin, you need only the SAML Consumer URL.
- Single Sign-On URL: <SAML URL>
- Recipient URL: <SAML URL>
- Audience restriction/Entity ID: <SAML URL>
- NameID: Email address
- Signed Assertions: Yes
- Signature Algorithm / Digest Algorithm: SHA256
- Mapped Attributes:
- name (User's full name)
- firstName (User's first name)
- lastName (User's last name)
- Encryption: AES256_CBC with this certificate:
To integrate, you’ll also need to add the following information in Rapidr from your identity provider:
- Identity provider Single Sign-On URL —
- Public certificate —
Save these settings, and you'll start seeing "Sign in with SSO" as one of the options.
Additional steps to configure Okta
- Configure Issuer ID on Rapidr (required): To complete configuring SAML with Okta, you also need to provide us with the Application ID which you can find in Okta as "Identity Provider Issuer".
You can get the Identity Provider issuer by opening the SAML setup instructions.
And copy and paste the Identity Provider Issuer string into the Application ID field in Rapidr
Furnish Rapidr details on Okta (required): After installing Rapidr from Okta's Application Catalog, you need to configure it with your Rapidr account details. On the nav, go to "Sign-On" and click edit.
Scroll down to "Advanced Sign-on settings" where you'll see a text field. Fill in your Rapidr information in the format:
subdomain-ID. If your Rapidr SAML consumer URL is
https://saml.rapidr.io/auth/saml/acme-123/consume, you need to fill in
Hide application icon (optional) from users: Rapidr currently does not support IdP-initiated SAML flow. Please use the following setting to hide the app icon from your Dashboard.
- ✅ SP-initiated SSO (Single Sign-On)
|Email of the user
If you hit any roadblocks while setting up SAML for your organization, please reach out to us on support!