Ramp supports single-sign-on (SSO) and Security Assertion Markup Language (SAML) authentication for users to access the application. We support several providers: Okta, Microsoft, OneLogin, JumpCloud, Rippling, and Google (SSO only).
SAML authentication methods
Setup instructions for each SAML provider can be found in the Company Settings > Security tab. Click on the provider below to view the setup guides:
- Okta SAML/SSO
- Microsoft Entra ID (formerly Azure AD) SAML/SSO
- OneLogin SAML/SSO
- JumpCloud SAML/SSO
- Rippling SAML/SSO
When you set up a SAML authentication method, only users in your IdP will be able to access Ramp using the SAML method.
Additionally when a SAML method is configured, we will automatically disable password authentication for all users except Guest users. See Configuring access controls below for more information on enabling/disabling login methods for each user type.
Google (SSO only)
Ramp automatically enables Google SSO for your account. When Google SSO is enabled, any user that's invited to your account with a G Suite email address can use Google SSO to access Ramp.
Configuring access controls
You can enable and disable login methods for your employees based on their user roles. We strongly recommend requiring SSO for all user types except for Guest users. Guest users will always be allowed to access with email + password; you can enable other methods for Guests, but password access cannot be disabled.
Customize authentication methods
Every user role must have at least one login method enabled. When your users log in to Ramp, they will only be shown the approved methods for their role type. In other words, in the screenshot below, Cardholders can access with Google SSO or Okta SSO, so when Cardholders access Ramp, they will only be prompted with those options to log in. Admins can only access using Okta SSO, and will only be prompted with Okta to log in.
You can configure these by clicking on the authentication method and toggling user roles on or off. (See require SSO below)
To require SSO:
- Go to: Settings > Security
- Under Account access > Ramp credentials, click on "Password"
- From "Password authentication settings," disable passwords for all user roles (see screenshot below)
- Click "Save Changes"
- Password authentication will be disabled for all employees and your Ramp account is more secure!