Overview
Note: This article primarily applies to Ramp Administrators.
Cardholders may find other articles in the Ramp overview section to be more applicable.
This article covers how to use Okta for Single Sign On (SSO). For System for Cross-domain Identity Management (SCIM) for your Ramp account, please refer here.
SSO will allow your employees to access Ramp through Okta seamlessly and securely. SCIM will allow you to manage your Ramp users from the Okta platform. With SCIM you can invite users, update profile attributes, and terminate users automatically via Okta.
Jump to:
Install the Ramp application in Okta
Note: Starting in Sept 2024, Ramp will be rolling out a new SAML configuration flow that will provide admins with step-by-step instructions to set up SAML within the application.
In order to set up SAML authentication, you must first set up the Ramp application in Okta.
- In a new browser tab, log in to your Okta tenant
- Navigate to Applications > Applications:
- Click Browse App Catalog, search for Ramp, and click on the Ramp Application to view
- Click Add Integration
- Under General Settings:
- Enter the Application Label; You can change the application label but we recommend using “Ramp.” This is the name of the app that your employees will see when accessing Ramp via Okta.
Since Ramp does not support IdP-initiated logins, you should check the box: Do not display application icon to users
Supported SAML Features
The Okta/Ramp SAML integration currently supports the following features:
-
- SP-initiated SSO
Set up Okta SSO on Ramp
Configuration Steps
- In a new browser tab, log in to your Okta tenant
- Navigate to Applications > Applications
- Open the Ramp application in Okta
- Switch to the Sign On tab
- Copy the "Metadata URL"
- In a new browser tab, login to Ramp
- Navigate to Settings > Company Settings
- From the Company Profile tab, scroll down to the Account Access section
- Click on Enable Okta Single Sign-On
- Paste the metadata URL (copied in Step 5) into the text field as instructed:
Note
Ensure you entered the correct value in the "Subdomain" field under the General tab. The wrong subdomain value prevents you from authenticating through SAML to Ramp.
Since only SP-initiated flow is supported, Okta recommends hiding the application icon for users.
The following SAML attributes are supported. Ensure you preserve capitalization for each of the names below; for example, in "firstName" make sure the 'N' is capitalized:
Name | Value |
user.email | |
firstName | user.firstName |
lastName | user.lastName |
SP-initiated SSO
-
Go to: https://ramp.com/sign-in
-
Click Sign in with Okta.
-
Enter your email, then click Continue to Okta.
Sept 2024 update: Self-service setup
Starting in September 2024, admins will begin seeing an updated SAML configuration flow when you navigate to Company settings > Security and click Add Provider.
When you click on Okta, you will see the above configuration instructions listed step-by-step to accompany your setup process.
Upon completion, you can also view the parameters of the current configuration, including the Metadata URL and approved domains.
You will also see Okta as one of the available login methods and can customize according to the different user roles.