
Ripple & Wave – SAML-Based Federation Authentication

How to Set Up SSO Using SAML-Based Federation in Ripple and Wave

Written by Yo Fukuda
Updated today

Overview

This guide walks you through how to configure SAML-based federation authentication for Ripple and Wave, enabling login via SSO (Single Sign-On).

Compared to conventional password-based authentication, this feature enables centralised user management for administrators and enhances overall security.

Note: This guide uses Auth0 as an example, but the system supports any SAML 2.0-based IdP (Identity Provider), including Okta and Google Workspace. In this context, SP (Service Provider) refers to Ripple and Wave.


Part 1 – Ripple Setup

Step 1: Create a SAML Application in Auth0 with Ripple as the SP

  1. In Auth0, select Applications and click + Create Application

  2. Select Single Page Web Applications and click Create

  3. Select the Addons tab and enable SAML2 Web App

  4. Once enabled, click Settings and enter the following in Application Callback URL: https://login.alphaus.cloud/ripple/saml

    The SAML settings below can remain as default. Click Enable

  5. Go back to the Usage tab and download the Identity Provider Metadata file


Step 2: Generate IdP ID on Ripple

  1. In Ripple, go to Settings > SAML Settings > +Create identity provider

  2. Fill in the form and click Create:

    • Name: Enter any name of your choice

    • SAML Metadata: Upload the metadata file downloaded in Step 1.5

  3. Copy and save the IdP ID — you will need it in the next step


Step 3: Set Up the User in Auth0

  1. In Auth0, go to Users & Roles > Users and select the relevant user

  2. Click View Details

  3. Generate the user metadata using the sample below:

json

   {
     "rippleIdpId": "db4e02b5-91fa-4109-9b90-648750405ce0",
     "rippleProfiles": "MSP-5aa311904d5d6:ripple/RIPPLE_ADMIN,user/USER_ADMIN,rbac/RBAC_ADMIN"
   }

3a. Paste the IdP ID copied in Step 2 into rippleIdpId:

json

   "rippleIdpId": "< PASTE HERE >"

3b. Copy the MSP ID from the Ripple User Settings page and paste it into rippleProfiles:

json

   "rippleProfiles": "< PASTE HERE >:

3c. Set the roles you want to grant. For example:

ripple/RIPPLE_ADMIN,user/USER_ADMIN,rbac/RBAC_ADMIN"

Paste the completed user metadata into the user record and click Save


Step 4: Set Rules in Auth0

  1. In Auth0, select Rules from the left menu and click + Create Rule

  2. Select Empty Rule and give it a name (e.g., Alphaus-Ripple)

  3. Paste the following rule script and click Save Changes:

    function (user, context, callback) {
      // Map the user_metadata values from Step 3 (and the user's email)
      // to the Ripple SAML attributes.
      context.samlConfiguration.mappings = {
        'https://app.alphaus.cloud/ripple/SAML/Attributes/IDPID': 'user_metadata.rippleIdpId',
        'https://app.alphaus.cloud/ripple/SAML/Attributes/Profiles': 'user_metadata.rippleProfiles',
        'https://app.alphaus.cloud/ripple/SAML/Attributes/SessionName': 'email'
      };
      callback(null, user, context);
    }

Step 5: Log In

  1. Go back to the SAML2 Web App you created in Auth0 and open the Identity Provider Login URL

  2. If setup is successful, you will be redirected to Ripple

  3. Log in to Ripple and verify the status in the top right corner


Part 2 – Wave Setup

Step 6: Configure Wave

  1. Generate the user metadata using the Wave version of the sample below:

    {
      "waveIdpId": "0a771745-261a-4ff0-b923-36e9672db65b",
      "waveProfiles": "reseller|UL3yxO2S|600fa583ce8a0:wave/WAVE_ADMIN,user/USER_ADMIN,rbac/RBAC_ADMIN"
    }

  2. Obtain the IdP ID by going to Settings > Identity Provider Settings > Add Identity Provider and paste it into waveIdpId:

    "waveIdpId": "< PASTE HERE >",

  3. Obtain the Wave ID from the Wave settings page and paste it into waveProfiles:

    "waveProfiles":"< PASTE HERE > :

  4. Paste the following rule script into Auth0 Rules and click Save Changes:

    function (user, context, callback) {
      // Map the Wave user_metadata values (and the user's email)
      // to the Wave SAML attributes.
      context.samlConfiguration.mappings = {
        'https://app.alphaus.cloud/wave/SAML/Attributes/IDPID': 'user_metadata.waveIdpId',
        'https://app.alphaus.cloud/wave/SAML/Attributes/Profiles': 'user_metadata.waveProfiles',
        'https://app.alphaus.cloud/wave/SAML/Attributes/SessionName': 'email'
      };
      callback(null, user, context);
    }

  5. From here, complete the remaining steps following the same procedure as Ripple (Steps 1–5 above)
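
Auth0 rules run on every login in the tenant, so if the Ripple rule from Step 4 and the Wave rule from Step 6 are both installed, the one that runs later replaces the other's mappings for every application. The following is an added example, not Alphaus code: a single rule that sets the mappings only for the matching application and rejects the login when the user's metadata is missing. The application names `Alphaus-Ripple` and `Alphaus-Wave` and the function name are assumptions; use the names of your own SAML2 Web App applications.

```javascript
// Added example (not Alphaus code): one rule for both products, scoped by application.
function alphausSamlMappings(user, context, callback) {
  // Assumption: these are the names given to the two SAML2 Web App
  // applications in Auth0. Replace them with your own.
  const products = new Map([
    ['Alphaus-Ripple', 'ripple'],
    ['Alphaus-Wave', 'wave']
  ]);
  const product = products.get(context.clientName);

  // Any other application in the tenant keeps its own SAML configuration.
  if (!product) {
    return callback(null, user, context);
  }

  // Fail closed when the user metadata from Step 3 / Step 6 is missing,
  // instead of issuing an assertion without IDPID or Profiles.
  const meta = user.user_metadata || {};
  const missing = [`${product}IdpId`, `${product}Profiles`]
    .filter((key) => typeof meta[key] !== 'string' || meta[key].trim() === '');
  if (missing.length > 0) {
    return callback(new Error(`user_metadata is missing: ${missing.join(', ')}`));
  }

  // Same attribute names as the per-product rules in this guide.
  const prefix = `https://app.alphaus.cloud/${product}/SAML/Attributes`;
  context.samlConfiguration = context.samlConfiguration || {};
  context.samlConfiguration.mappings = {
    [`${prefix}/IDPID`]: `user_metadata.${product}IdpId`,
    [`${prefix}/Profiles`]: `user_metadata.${product}Profiles`,
    [`${prefix}/SessionName`]: 'email'
  };
  return callback(null, user, context);
}
```
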


Advanced Configuration – Trusting Your Organisation's IdP

To configure mutual trust between your organisation's IdP and Ripple/Wave:

Register Ripple/Wave with your IdP — In your organisation's IdP, create a SAML application using the following as the ACS URL and entity ID:

  1. Generate the IdP metadata XML — Using your organisation's IdP, generate or download a metadata XML file. This must include the issuer name, creation date, expiration date, and keys for Ripple/Wave to validate authentication responses

  2. Create the SAML identity provider entity:

  3. Create roles — In Ripple/Wave user management, create one or more roles

  4. Define assertions in your IdP — Map users or groups in your organisation to the roles created above. The SAML attribute mappings are as follows:

For Ripple:

For Wave:


Important Notes

  • Only users with the Admin role can create, read, update, or delete SAML identity provider entities

  • The IDP ID can be obtained from the list of SAML identity provider entities

  • Only 5 profiles are allowed in a single assertion

  • A profile must follow this format:

    • Ripple: ${MSPID}:${namespace1}/${roleName1}[,${namespaceN}/${roleNameN}]

    • Wave: ${waveID}:${namespace1}/${roleName1}[,${namespaceN}/${roleNameN}]

    Single role example (Ripple): MSP-123456:ripple/RIPPLE_ADMIN

    Multiple roles example (Wave): abcd123:wave/WaveAdmin,rbac/ReadOnly,user/ReadOnly
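
A check for the profile format and the five-profile limit described above, which can be run on the values before they are saved to the user record. This is an added example, not Alphaus code. The function names, the characters allowed in namespaces and role names, and passing the profiles as an array with one string per profile are assumptions.

```javascript
// Added example, not Alphaus code.
const MAX_PROFILES = 5; // "Only 5 profiles are allowed in a single assertion"
// Assumption: namespaces and role names use letters, digits, "_" and "-".
const ROLE_RE = /^([A-Za-z0-9_-]+)\/([A-Za-z0-9_-]+)$/;

// Parse one profile: <id>:<namespace>/<role>[,<namespace>/<role>...]
function parseProfile(profile) {
  const sep = profile.indexOf(':');
  if (sep <= 0) {
    throw new Error(`no "<id>:" prefix in "${profile}"`);
  }
  const id = profile.slice(0, sep);
  // Catches an unreplaced "< PASTE HERE >" and stray spaces before the colon.
  if (/[\s<>]/.test(id)) {
    throw new Error(`id contains whitespace or placeholder text: "${id}"`);
  }
  // Every comma-separated entry must be exactly namespace/role, no spaces.
  const roles = profile.slice(sep + 1).split(',').map((entry) => {
    const m = ROLE_RE.exec(entry);
    if (!m) {
      throw new Error(`bad namespace/role "${entry}" in "${profile}"`);
    }
    return { namespace: m[1], role: m[2] };
  });
  return { id, roles };
}

// Assumption: `profiles` is an array with one string per profile value.
function checkProfiles(profiles) {
  if (!Array.isArray(profiles) || profiles.length === 0) {
    throw new Error('at least one profile is required');
  }
  if (profiles.length > MAX_PROFILES) {
    throw new Error(`${profiles.length} profiles given, limit is ${MAX_PROFILES}`);
  }
  return profiles.map(parseProfile);
}
```

The parsed result lists every namespace and role a value grants, which makes it easy to review what access a user's metadata carries before it is saved.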

For Ripple:

For Wave:


Need More Help?

If any errors occur during the process or if you have any questions, please reach out to us:
