
Ripple - Set Up SAML SSO for Okta

How to set up Ripple authentication using Okta SAML SSO

Written by Hannah Yeo
Updated today

Overview

This guide walks you through how to configure SAML SSO for Ripple using Okta as the Identity Provider.

Key terms used in this article:

Term - Description
IdP (Identity Provider) - The service that owns the user identities and credentials — in this case, Okta
SP (Service Provider) - The protected application being signed into — in this case, Ripple


Prerequisites

Before you begin, make sure you have already created the role(s) that you will assign to your Okta users when they log in to Ripple.

Roles follow this notation:

{service}/{name}

where:
{service} - either ripple, user, or rbac
{name} - the role name

Example:
ripple/admin

How to Set Up SAML

Step 1: Create a SAML App Integration in Okta

In your Okta Admin page, go to Applications > Applications and create an app integration using SAML 2.0 as the sign-in method. Use the following settings as reference:

App name: any name, but in this guide, we will use 'Ripple SAML'

SSO URL: https://login.alphaus.cloud/ripple/saml
Check "Use this for Recipient URL and Destination URL"

Audience URI (SP Entity ID): same as SSO URL

Attribute statements:
Name: https://app.alphaus.cloud/ripple/SAML/Attributes/IDPID
Name format: leave default (Unspecified)
Value: user.rippleIdpId

Name: https://app.alphaus.cloud/ripple/SAML/Attributes/Profiles
Name format: leave default (Unspecified)
Value: user.rippleProfiles

Name: https://app.alphaus.cloud/ripple/SAML/Attributes/SessionName
Name format: leave default (Unspecified)
Value: user.email

Step 2: Add Custom Profile Attributes in Okta

Add the user.rippleIdpId and user.rippleProfiles attributes to your Okta profile. The user.email attribute should already be available by default.

Go to Directory > Profile Editor and add the following attributes:

Data type: string
Display name: RippleIdpId
Variable name: rippleIdpId

Data type: string
Display name: RippleProfiles
Variable name: rippleProfiles

It will look something like this:

Step 3: Download the IdP Metadata File

Download the IdP metadata (XML) file from the Sign On tab of your Okta app. If it opens in a new browser tab, save it using Ctrl+S (or Cmd+S) as an XML file.

This guide will refer to this file as metadata.xml.


Step 4: Create IdP Settings in Ripple

Log in to Ripple and go to Preferences > Identity Provider Settings > + Add Identity Provider

Give it a name and attach the metadata.xml file as the SAML Metadata. Take note of the generated ID — you will use this in Okta. It will be in UUID format, for example:

ec70114e-840b-474f-92c0-e663a47ed2d1

Step 5: Note Your MSP ID

Go to Preferences > User Settings > MSP ID and take note of your organisation's MSP ID. For example:

MSP-abcd1234

Step 6: Confirm You Have All Required Values

Before returning to Okta, make sure you have the following:

  • MSP ID

  • IdP ID

  • List of roles for your Okta users (see Prerequisites)

Step 7: Update Okta User Profiles

Return to Okta, navigate to Directory > People, select a user, go to the Profile tab, and click Edit:

Enter the values for the custom attributes:

  • rippleIdpId — use your IdP ID

  • rippleProfiles — use the following notation:

{MSP-ID}:{comma-separated-roles}

Example:
MSP-abcd1234:ripple/admin,user/readonly
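
An added example (not part of Ripple's or Okta's documentation or code): a small Python check to run over the rippleIdpId and rippleProfiles values before entering them in Okta, so that a typo or a role that was never created is caught before a user's first login. The MSP ID pattern and the role-name character set are assumptions based on the samples in this guide, and known_roles stands for the roles you created under Prerequisites.

```python
import re
import uuid

SERVICES = {"ripple", "user", "rbac"}  # services named under Prerequisites
# Assumption: MSP IDs look like the guide's sample, "MSP-" plus letters/digits.
MSP_ID_RE = re.compile(r"MSP-[A-Za-z0-9]+")
# Assumption: a role name has no whitespace, comma, colon or slash.
ROLE_NAME_RE = re.compile(r"[^\s,:/]+")


def check_idp_id(value):
    """Return problems found in a rippleIdpId value (empty list means OK)."""
    try:
        parsed = uuid.UUID(value)
    except (ValueError, AttributeError, TypeError):
        return [f"rippleIdpId {value!r} is not a UUID"]
    # uuid.UUID also accepts braces, "urn:uuid:" and unhyphenated hex;
    # require the plain hyphenated form shown in Step 4.
    if str(parsed) != value.lower():
        return [f"rippleIdpId {value!r} is not in 8-4-4-4-12 form"]
    return []


def check_profiles(value, known_roles):
    """Return problems found in a rippleProfiles value (empty list means OK)."""
    msp_id, sep, roles_part = value.partition(":")
    if not sep:
        return [f"no ':' between MSP ID and roles in {value!r}"]
    problems = []
    if not MSP_ID_RE.fullmatch(msp_id):
        problems.append(f"unexpected MSP ID {msp_id!r}")
    for role in roles_part.split(","):
        service, slash, name = role.partition("/")
        if not slash or service not in SERVICES or not ROLE_NAME_RE.fullmatch(name):
            problems.append(f"malformed role {role!r}, expected service/name")
        elif role not in known_roles:
            problems.append(f"role {role!r} has not been created in Ripple")
    return problems


if __name__ == "__main__":
    # Constructed sample data: roles created beforehand and two Okta users.
    known = {"ripple/admin", "user/readonly"}
    users = {
        "alice@example.com": "MSP-abcd1234:ripple/admin,user/readonly",
        "bob@example.com": "MSP-abcd1234:ripple/admin, rbac/editor",
    }
    for email, profiles in users.items():
        print(email, check_profiles(profiles, known) or "OK")
```

The role list printed for each user is also a convenient place to review who is being given ripple/admin before the assignment goes live.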

Step 8: Assign Users to the App

Make sure all updated users are added to your Ripple SAML app via the Assignments tab.

Step 9: Test the SSO Login

Open the application's SSO URL to test the login. If configured correctly, the Ripple SSO login screen should appear:


Need More Help?

If any errors occur during the process or if you have any questions, please reach out to us:
