How do I set up Okta on Ramp?

Okta is a 3rd party authentication service that centralizes how your employees have access to and authenticate with applications. This article outlines how to set up SAML-based Single Sign-On for Ramp using Okta as your Identity Provider. We currently support SP initiated SSO. 

Important Note: Enabling Okta SSO will require all of your users to accept invitations via Okta SSO. Users cannot accept invites via Ramp's regular login if Okta SSO is enabled, although they will be able to log in with a regular user name / password combination after accepting their initial invitation.

Instructions:

1. Turn on Okta on Ramp
2. Install Ramp application on Okta
3. Assign Ramp access to people in your organization in Okta

#1 Turn on Okta on Ramp

1. Go to the “Settings” menu on your Ramp dashboard.
2. Select “Company Settings” in the menu.
3. Scroll down and select "Enable Okta Single Sign-On".
4. Follow the instructions in the onboarding flow.

#2 Install Ramp application on Okta

1. In Okta Admin, select Applications then Add Application.
2. Search for “Ramp” and Select Add.
3. Select the Ramp app and go to the "Sign On" tab.

4. Right click the link for Identity Provider Metadata and select Copy Address.
5. Paste the Identity Provider Metadata address in Okta setup on the Ramp Dashboard. (Settings → Company Settings → Enable Okta)
6. To enable Okta Single Sign-On for everyone in your organization make sure they are all are added on the Okta Admin Dashboard 

#3 Assign Ramp access to people in your organization in Okta

Option 1: Enable Okta for everyone in your organization

1. Make sure everyone you want is first added to Okta itself (Directory → People → Add Person)
2. Select "Assign" and then "Assign to Groups" in dropdown.
3. Click "Assign" on Everyone to enable Ramp for all users in your Okta org.

*This does not automatically give people access to Ramp and spend on it. Everyone still needs to be individually invited.

Option 2: Enable Okta for specific people in your organization

1. Make sure everyone you want is first added to Okta itself.
2. (Directory → People → Add Person)
3. Select "Assign" and then "Assign to People" in dropdown.
4. Click "Assign" on specific people to enable Ramp through Okta for them.

*This does not automatically give them access to Ramp and spend on it. Everyone still needs to be individually invited.

#4 Set Up a Bookmark App (optional)

You can easily set up a bookmark app which allows your users to sign in to Ramp with one click.

For this, follow these instructions to set up an Okta Bookmark App. Visit this URL on Ramp to get the bookmark URL: https://app.ramp.com/home/company-settings/okta-setup .

 

 

Finally, upload the following Ramp logo to your bookmark app icon to help your users easily locate and sign in to Ramp!

 

Trouble signing in

1. Your business might not have enabled Okta SSO with Ramp. Double check with an Admin to configure Okta on Ramp.
2. Your account may not have been added on Okta. Ask an Okta Admin to enable your email address for Ramp on Okta.
3. Are pop-ups enabled in your browser? If not, you will run into the following error message "The email address you submitted is not configured to use Okta SSO."
4. Make sure you are signing in through Ramp.com and not through your organizations page on Okta (we do not support IdP-iniated log ins).

 Disconnect Okta on Ramp

1. Go to the “Settings” menu on your Ramp dashboard
2. Select “Company Settings” in the menu
3. Scroll down and select "Disconnect"

Can I sign in to Ramp by clicking on the Ramp Okta application icon?

We currently do not support IdP-initiated flows. However, you can setup a Bookmark App within Okta to 1 click login (see section above).

Otherwise, head to Ramp.com and click "Sign in with your identity provider".

Then, enter your email address and proceed with the log in process.