# SAML for Rippling This guide describes how to use StrongDM's [Generic SAML](/admin/principals/sso/saml.md) identity provider integration with Rippling as the identity provider (IdP). ### Prerequisites * Administrative access to a working Rippling account * Administrative access to your StrongDM organization ### Provider Setup 1. Create a custom app. 2. Fill out the requested fields for the custom app. 3. Copy the **Metadata IDP URL** to put into StrongDM later. 4. Select **SSO(SAML only)**. ### StrongDM Setup 1. In the StrongDM Admin UI, go to **Settings** > **User Management**. 2. ![](/files/nWFh5QJbUdSW7UHF8AeT)\ Under **Single Sign-on**, unlock the settings menu (**Click to make changes**), and then select **Yes**. For the **Provider**, select the **SAML** option. 3. Copy the values provided for Entity ID and ACS (Consumer) URL (or leave this page open). Copy the Metadata IDP URL from Rippling and paste it into the **Metadata URL** field in the Admin UI. 4. For **Allow IDP Initiated Authentication**, click **Yes**. 5. For **Allow password login for admins**, click **Yes** to prevent accidentally locking out your admins. 6. Click **Save**. ### Complete Provider Setup 1. ![](/files/xLb9gBNdunMGozKNVZNl)\ Return to the Rippling custom app. 2. Leave the **Metadata URL** blank. 3. Fill in the **Entity ID** with the corresponding value copied from StrongDM's Admin UI. 4. Fill in the **ACS (Consumer) URL** with the corresponding value copied from StrongDM's Admin UI. 5. Click **Move to Next Step**. 6. ![](/files/y2gELUZuliTTNfKN4tqD)\ Select **I will manually select who should get access**. 7. Leave the defaults selected for the next screens until you reach the test Rippling connection, which because of the manual access, should be unavailable. 8. Click **Visit the App**. 9. Select the StrongDM app you just created. 10. Navigate to **Settings**. 11. Select the **SAML Attributes** tab. 12. ![](/files/tegVmNXy3YyC6dPFRV9t)\ Click **Create New**. 13. Create a Global Attribute with "Email" as the **Name** and "User's email address" as the **Value**. 14. Navigate to the **Overview** and grant access to accounts that exist in StrongDM. 15. The single sign-on tile for StrongDM should now be in the home bar for Rippling. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.strongdm.com/admin/principals/sso/rippling-saml.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.