If your company uses Microsoft Azure AD, you can set up the single sign-on feature for use with Ramp. This gives your employees the convenience of a one-click login, without using additional multi-factor authentication.
Set Up Microsoft AD SAML Application:
- Log in to the Microsoft Azure Portal and click on the "Azure Active Directory" application.
- Click on "Enterprise Applications" in the left sidebar.
- Click on the "+New application" button.
- Click on "+Create your own application."
- Choose "Integrate any other application you don't find in the gallery (Non-gallery)" and click "Create."
- Add the users and groups you want to give access to.
- Click on "Set up single sign on" and choose "SAML".
In the "Basic SAML Configuration" section, copy the following handler URL and paste it in for "Identifier (Entity ID)" and "Reply URL".
Set Up SAML Claims:
In the "Attributes & Claims" section, set up the following claims:
- Unique User Identifier (Name ID): user.mail
- givenName: user.givenname
- familyName: user.surname
- email: user.mail
Note: Please make sure to preserve capitalization for the names above, for example "givenName" (make sure the 'N' is capitalized). Also, claim values can be different in your system if they have been customized. The most important factor in a correct setup is that each of the claims listed above corresponds to the following user info, even if the mapped attribute source is different:
- Unique User Identifier (Name ID): User's email address
- givenName: User's first name
- familyName: User's last name
- email: User's email address
Note: When configuring the claims, make sure to set the "namespace" field to empty.
Copy the "App Federation Metadata Url" and paste it into the field marked ‘Microsoft MetadataURL’ in the Azure Setup section of your Ramp account.
Click ‘Save & Continue,’ and you’re all set. Please note that anyone with a non-company email address will not be able to log in via Azure.
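To confirm the claim setup before rolling it out, you can inspect a decoded assertion from a test login against the claim rules above (exact names, preserved capitalization, empty namespace, Name ID carrying the email address). The script below is an added example, not code from Ramp or Microsoft; the sample assertions are constructed, `check_assertion` and `make_assertion` are hypothetical helper names, and it checks claim naming only, not the signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("givenName", "familyName", "email")  # claim names from the list above

def check_assertion(xml_text):
    """Return a list of claim problems found in a decoded SAML assertion."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.findtext(".//saml:Subject/saml:NameID", namespaces=SAML_NS)
    attrs = {}
    for a in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        value = a.findtext("saml:AttributeValue", default="", namespaces=SAML_NS)
        attrs[a.get("Name")] = value.strip()
    for want in REQUIRED:
        if want in attrs:
            if not attrs[want]:
                problems.append(f"{want}: empty value")
            continue
        # Same claim sent under a namespace prefix or with different capitalization?
        near = [n for n in attrs if n.rsplit("/", 1)[-1].lower() == want.lower()]
        if near and "/" in near[0]:
            problems.append(f"{want}: sent as '{near[0]}', clear the namespace field")
        elif near:
            problems.append(f"{want}: sent as '{near[0]}', capitalization differs")
        else:
            problems.append(f"{want}: missing")
    if not name_id or "@" not in name_id:
        problems.append("NameID: not an email address")
    elif attrs.get("email") and name_id.strip().lower() != attrs["email"].lower():
        problems.append("NameID: does not match the email claim")
    return problems

def make_assertion(name_id, attrs):
    # Constructed, unsigned sample input; a real one comes from a test login response
    rows = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for n, v in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{SAML_NS["saml"]}"><saml:Subject>'
            f'<saml:NameID>{name_id}</saml:NameID></saml:Subject>'
            f'<saml:AttributeStatement>{rows}</saml:AttributeStatement></saml:Assertion>')

GOOD = make_assertion("jane@example.com", {
    "givenName": "Jane", "familyName": "Doe", "email": "jane@example.com"})
BAD = make_assertion("jane", {  # namespace left at Azure's default, wrong capitalization
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "Jane",
    "familyname": "Doe"})

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, check_assertion(doc))
```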