Prerequisite
You will need 'Rippling App Management' to connect WorkRamp.
Please make sure you have a custom domain set up for your enterprise (setup under Settings > Enterprise > General > Domain).
This will be the dedicated login link for your company. If a user attempts to sign in from the generic login page, they will be redirected to this page to enter their credentials for SSO.
Getting Started
Navigate to app.rippling.com/app-shop or click on the App Shop button from your Rippling page. Once there, use the 'Find an app..." search bar to search for "workramp."
On the Workramp app page, click on the [Connect Account] button.
In the App Details page, Rippling lists the features which are supported. To proceed with the setup, click on the
β[Connect existing account] button.
On the following page, you will need to verify that you are a WorkRamp admin in order to proceed. If you are not a WorkRamp admin, you can use the "Invite someone else to install it" option to have that user complete the setup.
If you selected the first option, you can generate an API token from your WorkRamp Settings integration tab. Please follow the steps in our help article.
On the App Access Rules page, you will be able to set up provisioning rules to determine what type of employees or departments you would like to provision accounts for.
You can also set up provisioning times:
Once those settings are complete, Rippling will start account matching for your users from WorkRamp, typically based on email address.
After the accounts are all matched up, if you would like, you can choose to manage Groups from WorkRamp as well.
Next, you will see an advanced settings page for attribute mapping, however, Rippling advises that this is an advanced feature and changes should only be made after discussing this with your internal teams. Once finished with this page, your installation is complete! Click on the [Continue with SAML] button to obtain the needed information to complete the setup in WorkRamp.
Setting Up in WorkRamp
Start by navigating to your SSO Settings page:
You will need to provide three pieces of information:
Entity ID - A URL that uniquely identifies your SAML identity provider.
Single Sign-On URL - This is the SSO URL that WorkRamp will direct your users to when they access WorkRamp.
Certificate - This is the certificate WorkRamp will require to verify your users' identity during the sign-on process. This should be provided by your SSO provider. If you have any trouble finding this certificate, contact your SSO provider or the WorkRamp team.
Running an SSO Test
Once you have finished adding your SAML Settings, we recommend running a quick test to make sure it works.
To run this test, check the box beside "Enable SSO (SAML)."
IMPORTANT: Make sure you run this test in an incognito window or separate browser. Do NOT sign out of your account because you may be locked out of your account if the SSO setup is incorrect.
You should also run this test in non-peak hours or for a short period of time. This will lock out any users if the configuration is not set up properly.
To test, go to your custom domain (from the prerequisite section at the top):
The login flow should take you to your Identity Provider (i.e. Rippling) as the next step and redirect you back to WorkRamp when completed. If this does not work, the setup was incorrect and you should toggle SSO off until fixed.
================
Additional SSO Settings
External Users
You also have the ability to allow external users to sign in with a username and password. Users who do not have a domain listed in the Internal Domains field will be presented with a Username and Password login instead of being redirected to the SSO login page.
Auto Provisioning
Accounts will be automatically provisioned for users signing in via SSO (SAML) if they don't already exist.
Note: This also applies to SSO with Google.
β
