Skip to main content
How to Enable Single Sign-On (SSO)

Guide on enabling SSO for Risk Ledger clients, including steps for configuring major identity providers and customising SSO settings.

Kian avatar
Written by Kian
Updated over 4 months ago

Risk Ledger offers Single Sign-On (SSO) functionality for all Enterprise clients only. If you are a supplier on the Risk Ledger platform, we offer Google OAuth.

SSO allows users to access Risk Ledger via their organisation's single configured authentication provider.

Supported Identity Providers

We support all major identity providers, such as;

  • Okta

  • Microsoft Azure AD

  • Microsoft Active Directory Federation Services (ADFS)

  • Onelogin

  • Auth0

  • Google SAML

  • Generic SAML Providers

  • Generic OpenID Providers

Each provider required specific information to configure a connection, and this may differ by provider. Therefore, our setup wizard will guide you through configuring your specific identity provider and the steps illustrated below should be adjusted as necessary.


Configuration Steps

Step 1

  • Navigate to Settings and select the Single Sign-On menu item.

  • Enter the domains you wish to use for Single Sign-On. If multiple, separate them by commas.

  • For example, if you wish to allow fred@abc.com and liz@xyz.net to login via Single Sign-On, then enter abc.com, xyc.net.

  • Continue to Step 2 by clicking Continue Setup when ready.

πŸ’‘ If you wish to modify your configured domains at a later point, please contact support.


Step 2

  • You will be redirected to our Single Sign-On Setup Wizard, powered by WorkOS, to continue configuration.

  • Select your identity provider form the list provided. Steps differ between providers, so be sure to select the correct one for your organisation.

  • Only select the Generic SAML provider if you cannot see your provider listed.


Step 3

The remaining setup flow can differ between providers, but for SAML-based providers the basic details remain the same;

  • Configure Risk Ledger as a service provider within your identity provider, using the given Entity ID and ACS URL as directed.

  • Upload your X.509 Certificate.

  • Enter your IdO Endpoint/Login URL, to redirect users for initiation of Single Sign-On.

  • Configure your SAML claims as directed for your chosen identity provider. We require claims to be configured for the following fields;

    • A unique identifier.

    • An email address.

    • A first name.

    • A last name.

πŸ’‘ If you require any assistance to configure or modify your Single Sign-On connection, please reach out to our support team.


Step 4

Test that your connection is functional, and correct any issues if not.


SSO Settings

Once you have configured your Single Sign-On provider, you will be redirected back to the Risk Ledger settings page. You can then customize further settings including the enforcement of SSO and user provisioning.


Manage

Clicking the Manage button will allow you to;

  • See full details of your configured connection.

  • Test your Single Sign-On connection.

  • View a history of events associated with your SSO connection, including all recent logins for debugging configuration issues.


Enforce SSO

Switching this on will mean your organisation users will only be able to sign in to Risk Ledger using your configured SSO connection.

Before enabling this, we strongly recommend notifying all your organisation users that they will need to sign in to Risk Ledger using Single Sign-On going forward.

Lead & Admin Users may still sign in using their password and email address.


User Provisioning

Switching this on will mean that new users will automatically be created accounts on Risk Ledger, when they sign in via SSO for the first time.

The default user role for all new users will be View, but this can be changed as required.


Logging in with Single Sign-On

  1. In order to login with Single Sign-On, you can click Sign In with SSO button from the regular sign in form. Or, simply navigate to https://apps.riskledger.com/sso/login

  2. Simply enter your email address, and hit Sign In with SSO.

  3. If your email matches a configured SSO connection, you will be redirected to the identity provider to sign in.

  4. Once authenticated, you will be redirected to Risk Ledger and signed into your user account.


πŸ’‘ If there is anything we haven't covered, please feel free to contact us at support@riskledger.com or alternatively, select the Chat icon in the bottom right corner.

Did this answer your question?