Cardholders may find other articles in the Ramp overview section to be more applicable.
Overview
If your company uses Microsoft Azure AD, you can set up the single sign-on feature for use with Ramp. This gives your employees the convenience of a one-click login, without using additional multi-factor authentication.
How to set up
Note: Starting in Sept 2024, Ramp will be rolling out a new SAML configuration flow that shows these step-by-step instructions to admins as they set up integrations with their providers.
Step 1
Set up the Microsoft AD SAML application:
- Log in to the Microsoft Azure Portal and click on the Azure Active Directory application.
- Click on Enterprise Applications in the left sidebar.
- Click on the +New application button.
- Click on +Create your own application.
- Choose "Integrate any other application you don't find in the gallery (Non-gallery)" and click Create.
- Add the users and groups you want to give access to.
- Click on Set up single sign on and choose SAML.
Step 2
In the Basic SAML Configuration section, copy the following handler URL and paste it in for Identifier (Entity ID) and Reply URL:
https://sso.ramp.com/__/auth/handler
Step 3
Set up SAML claims:
In the attributes and claims section, set the following claims:
- Unique User Identifier (Name ID): user.mail
- givenName: user.givenname
- familyName: user.surname
- email: user.mail
Note: Please make sure to preserve capitalization for the names above, for example, "givenName" (make sure the 'N' is capitalized). Also, claim values can be different in your system if they have been customized. The most important factor in a correct setup is that each of the claims listed above corresponds to the following user info, even if the mapped attribute source is different:
- Unique User Identifier (Name ID): User's email address
- givenName: User's first name
- familyName: User's last name
- email: User's email address
Note: When configuring the claims, make sure the "namespace" field is left empty.
Step 4
Copy the App Federation Metadata Url and paste it into the field marked Microsoft MetadataURL in the Azure Setup section of your Ramp account.
Step 5
Click Save & Continue, and you’re all set. Please note that anyone with a non-company email address will not be able to log in via Azure.
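To check the Step 3 claim mapping before rolling SSO out, the following added example (not Ramp's or Microsoft's code) inspects a SAML assertion for the exact claim names, an empty namespace, and an email-valued Name ID. The function name `check_claims` and both sample assertions are constructed for illustration; the script checks claim shape only and does not verify the assertion signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("givenName", "familyName", "email")  # exact, case-sensitive names from Step 3

def check_claims(assertion_xml: str) -> list[str]:
    """Return a list of claim problems; an empty list means the mapping matches Step 3."""
    root = ET.fromstring(assertion_xml)
    name_id = (root.findtext(".//saml:Subject/saml:NameID", default="", namespaces=NS) or "").strip()
    attrs = {}
    for a in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        value = a.findtext("saml:AttributeValue", default="", namespaces=NS) or ""
        attrs[a.get("Name", "")] = value.strip()
    problems = []
    for want in REQUIRED:
        if want in attrs:
            if not attrs[want]:
                problems.append(f"{want}: empty value")
            continue
        # Near misses: same name in another case, or with a namespace URI in front.
        near = [n for n in attrs if n.rsplit("/", 1)[-1].lower() == want.lower()]
        if near and "/" in near[0]:
            problems.append(f"{want}: sent as '{near[0]}' (namespace not empty)")
        elif near:
            problems.append(f"{want}: sent as '{near[0]}' (wrong capitalization)")
        else:
            problems.append(f"{want}: missing")
    if "@" not in name_id:
        problems.append("NameID: not an email address")
    elif attrs.get("email") and name_id.lower() != attrs["email"].lower():
        problems.append("NameID: differs from email claim")
    return problems

def _sample(name_id: str, claims: dict) -> str:
    """Build a constructed, unsigned assertion for the demonstration below."""
    rows = "".join(f'<Attribute Name="{n}"><AttributeValue>{v}</AttributeValue></Attribute>'
                   for n, v in claims.items())
    return ('<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
            f"<Subject><NameID>{name_id}</NameID></Subject>"
            f"<AttributeStatement>{rows}</AttributeStatement></Assertion>")

# Constructed samples: GOOD follows Step 3; BAD keeps a namespace, lowercases a name,
# and sends a non-email Name ID.
GOOD = _sample("ada@example.com", {"givenName": "Ada", "familyName": "Lovelace", "email": "ada@example.com"})
BAD = _sample("ada", {"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "Ada",
                      "familyname": "Lovelace", "email": "ada@example.com"})

if __name__ == "__main__":
    for label, xml in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_claims(xml) or "claims match Step 3")
```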
Sept 2024 update
Starting in September 2024, admins will begin seeing an updated SAML configuration flow when they click Add Provider.
When you click on Microsoft Entra ID, you will see the above configuration instructions listed step-by-step to accompany your setup process.
Upon completion, you can also view the parameters of the current configuration, including the Metadata URL and approved domains.
You can also view Microsoft as one of the available login methods and customize according to the different user groups.