Single Sign On (SSO) allows your team to log into the Ravelin dashboard more securely and easily, using your enterprise account in place of a username & password combination.

Ravelin currently supports two authentication types for SSO: SAML and OAuth.

Setting up SSO

If SSO is not yet set up for your team, Admin users will see the following message in the SSO tab of your settings area:

To set up SSO for your team, please contact Ravelin with the following information:

• The name of your identity provider
• The email domain(s) that your users have
• Your preference of OAuth or SAML for the SSO connection (your IT team can help with this one if you're unsure)

If you're setting up an OAuth connection, the above information should be all we need. If you're setting up a SAML connection, further details will need to be exchanged.

You'll need the following configuration from our side to get started:

• ACS URL: https://id.ravelin.com/ssoredirect
• Service Provider Entity ID: id.ravelin.com (note this must be entered exactly as is, without http:// or https:// preceding it)

From your side we'll need the following:

• Identity Provider Issuer (often referred to as the Entity ID or simply "Issuer")
• Identity Provider Single Sign-On URL (often referred to as the "SSO URL" or "SAML Endpoint.")
• x.509 Certificate

Mandatory SSO

The Mandatory SSO setting enables Admins to enforce SSO as the only permitted authentication method for all non-admins with a supported domain.

We recommend enabling Mandatory SSO once you're happy that your users are able to log in with SSO without any issues.