Skip to main content

​
Requirements

To follow the steps in this guide, you’ll need:

​
Setup

1

Open the Omni authentication settings

In your Omni instance, navigate to Settings > Authentication and locate the SAML section.Leave this page open - you’ll need it to complete the setup.
2

Create an Omni Rippling app

  1. Sign into Rippling.
  2. Search for Custom app in the search bar. Select the correct result.
  3. Click Create new Custom app.
  4. Complete the app form:
  • Name - Omni
  • Categories - Analytics & BI
  • Upload the following logo:
  1. Select Single Sign-on (SAML) or SAML and SCIM app if you intend to also configure SCIM.
  2. Complete the single sign-on setup form:
    • Leave the Metadata URL and Metadata fields empty.
    • ACS URL (Assertion Consumer Service URL) - Copy and paste the Single sign-on URL value from the Omni Authentication settings (step 1)
    • Service Provider Entity ID - Enter the full hostname of your Omni instance, e.g. blobsrus.omniapp.co. Do not include https://.
  3. Leave this form open, but note the following - you’ll need it in the next step:
    • Single Sign-on URL
    • Issuer
    • X509 Certificate
3

Configure Omni authentication settings

Navigate back to the Omni Authentication settings (Settings > Authentication) to complete the setup:
  • Entity ID / Issuer - Copy and paste the Issuer value from Rippling
  • SSO (Sign on) URL - Copy and paste the Single Sign-on URL value from Rippling
  • Certificate - Copy and paste the contents of the X509 Certificate certificate. You may need to download it from Rippling. The certificate must include -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- values, for example: 
    -----BEGIN CERTIFICATE-----
[certificate contents]
-----END CERTIFICATE-----
  • Automatically provision new users on first login from this SAML provider - Toggle this setting to on if:
    • You want to provision users only when they first access Omni and
    • You don’t plan to set up SCIM provisioning
  • Enable SAML for users - Toggle this setting to on
When finished, click Save SAML changes.
4

Complete the SSO configuration in Rippling

Navigate back to Rippling to finish configuring the custom Omni app:
  1. On the setup form, click Continue.
  2. Select Do not allow admins to sign in to the admin account.
  3. Skip creating any group attributes.
  4. Complete all other steps, clicking Visit the app when finished.
  5. In the app’s Settings tab, navigate to the SAML Attributes section.
  6. Create the following global attributes:
    NameValue
    Attribute 1first_nameUser’s preferred first name
    Attribute 2last_nameUser’s preferred last name
5

Assign users and groups

In Rippling, assign users and user groups to the custom Omni application.
6

Test the setup

Test your SAML setup by logging out of Omni. On the Omni login page, you should see a Log in with SAML button. Click the button to log in using SAML.If the setup is successful, finish the setup by rolling out SAML authentication to the rest of your organization.

​
What’s next?

Setting up SAML allows your users to authenticate to Omni using their Rippling credentials. With this setup completed, you can also configure SCIM to auto-provision users & user groups in Omni.