OneLogin integration: Set up SAML SSO

Note: This article primarily applies to Ramp Administrators. Cardholders may find other articles in theRamp overviewsection to be more applicable.

Overview

If your company uses OneLogin, you can set up the single sign-on feature for use with Ramp. This gives your employees the convenience of a one-click sign-in without using additional multi-factor authentication.

How to set up

Step 1: Setup OneLogin SAML application

1. Go to Applications → Applications and click on Add App on the top right corner.
2. Select SAML Custom Connector (Advanced) .

Step 2: Setup OneLogin basic SAML configuration

1. Enter Info, including Display Name and Icons, as desired, and click Save .
2. Click on the Configuration tab.
3. Copy the following URL and paste it in for Audience (EntityID) and Recipient : https://sso.ramp.com/__/auth/handler Copy "https://sso.ramp.com/__/auth/handler" to clipboard
4. Copy the following expression and paste it in for ACS (Consumer) URL and ACS (Consumer) URL Validator : https:\/\/sso\.ramp\.com\/__\/auth\/handler Copy "https://sso.ramp.com/__/auth/handler" to clipboard
5. Update the SAML initiator dropdown to Service Provider .
6. Click Save .

Step 3: Setup SAML claims

In the Parameters section, add the following claims and make sure to check the Include in SAML assertion checkbox for each:

• givenName: First Name
• familyName: Last Name
• email: Email

Note: Ensure you preserve capitalization for claim names above, for example, "givenName". Also, claim values may vary in your system if they were customized. What’s important is that the Name matches above and values correspond to those in your system:

• givenName: User’s first name
• familyName: User’s last name
• email: User’s email address

Click the Activate button after this is set up.

Step 4: Setup metadata URL on Ramp

• Click on SSO.
• Copy the Issuer URL and paste it into the Ramp setup wizard in the OneLogin Metadata URL field (as shown below).