Right-Hand Cybersecurity

<a href="#h_9626796b26">Step 1: Log in to Rippling and Create a New SAML App</a>

<a href="#h_4c38da52c6">Step 2: RH Custom SSO App Integration</a>

<a href="#h_1817a62722">Step 3: Upload XML Metadata to Right Hand Portal</a>

Step 1: Log in to Rippling and Create a New SAML App

You're setting up the RH_SSO_App in Rippling to enable Single Sign-On (SSO) support for this application.

Log in as an <a href="https://app.rippling.com/dashboard" rel="nofollow noopener noreferrer" target="_blank">admin</a> and then on the left navigation menu, select IT → Third-Party access.

1. Log in as an <a href="https://app.rippling.com/dashboard" rel="nofollow noopener noreferrer" target="_blank">admin</a> and then on the left navigation menu, select IT → Third-Party access.

2. Click the Add Integration button, then select Create New Custom Integration.

Step 2: RH Custom SSO App Integration

Enter a descriptive name for the app (e.g., RightHandSSO), choose 'Security' as the category, and upload a logo file. Ensure the 'Single Sign-On (SAML)' option is selected, then click Continue.

Select the first option to confirm that you are the admin and will handle the installation yourself, then click Next.

The SSO XML file contains Rippling’s SAML configuration details, including its login URL, public certificate, and more. You’ll need to upload this file to the RightHand portal so it can recognize and validate SAML responses from Rippling.

Scroll down and Download Idp Metadata XML file → Save it for later use.

Next, scroll down and enter the ACS URL and SP Entity ID provided by the RightHand portal.

You can find the URL by following the steps below:

In the Right-Hand portal, navigate to Settings from the left-hand menu, then open the Integrations tab. Click Add New, copy the SSO Sign-In URL, and paste it into both the ACS URL and SP Entity ID fields. Then click Next.

This step determines which users in your organization can access the app via SSO.

For example, you can restrict access to specific departments, job titles, or individual users.

Choose your desired settings/rule. (Right-Hand Suggests Recommended Settings)

This controls when SSO access becomes active for a new employee.

Select when users get access (e.g., after signing offer letter). (Right-Hand Suggests Recommended Settings)

Optionally, you can allow Rippling full admins to sign in via SSO as well. This is a convenience feature that supports centralized access management.

Configure SSO for Admins if required → Continue.

Click Continue and leave the Group Attribute setting as is; we’ll configure attribute mapping later. Click Continue again, then return to the integration setup.

Configure SAML attribute mapping to specify which user information is passed from Rippling to RightHand. Without this, RightHand won’t be able to identify the user or retrieve their email or name during login.

Navigate to Settings → SAML Attributes → Create New → select Global Attribute. Set the value to email with the user's email address, then click Save.

Step: 3 Upload XML Metadata to Right Hand Portal

1. Return to the Right-Hand portal and click Settings from the left-hand menu. Go to the Integrations tab and click Add New. Under IdP, select Add Another IDP Integration. Enter 'Rippling SSO' as the Entra IdP Integration Name. Then click Browse, upload the Federation Metadata XML file, and click Save.

1. Go directly to the RightHand login page to initiate the SSO login flow.

2. Click Single Sign-On (SSO), enter your email address, and log in.

If you see the error below, go to the RH custom app → Employee status → click Grant access to the user.

1. Enter a descriptive name for the app (e.g., RightHandSSO), choose 'Security' as the category, and upload a logo file. Ensure the 'Single Sign-On (SAML)' option is selected, then click Continue.
 
 
 
2. Select the first option to confirm that you are the admin and will handle the installation yourself, then click Next.
 
 
 
3. The SSO XML file contains Rippling’s SAML configuration details, including its login URL, public certificate, and more. You’ll need to upload this file to the RightHand portal so it can recognize and validate SAML responses from Rippling.
 
 Scroll down and Download Idp Metadata XML file → Save it for later use. 
 
 
 
4. Next, scroll down and enter the ACS URL and SP Entity ID provided by the RightHand portal.
 
 You can find the URL by following the steps below:
 
 In the Right-Hand portal, navigate to Settings from the left-hand menu, then open the Integrations tab. Click Add New, copy the SSO Sign-In URL, and paste it into both the ACS URL and SP Entity ID fields. Then click Next. 
 
 
5. This step determines which users in your organization can access the app via SSO.
 For example, you can restrict access to specific departments, job titles, or individual users.
 
 Choose your desired settings/rule. (Right-Hand Suggests Recommended Settings)
 
 
 
6. This controls when SSO access becomes active for a new employee.
 
 Select when users get access (e.g., after signing offer letter). (Right-Hand Suggests Recommended Settings)
 
 
 
7. Optionally, you can allow Rippling full admins to sign in via SSO as well. This is a convenience feature that supports centralized access management.
 
 Configure SSO for Admins if required → Continue.
 
 
 
8. Click Continue and leave the Group Attribute setting as is; we’ll configure attribute mapping later. Click Continue again, then return to the integration setup.
 
 Configure SAML attribute mapping to specify which user information is passed from Rippling to RightHand. Without this, RightHand won’t be able to identify the user or retrieve their email or name during login.
 
 Navigate to Settings → SAML Attributes → Create New → select Global Attribute. Set the value to email with the user's email address, then click Save.
 
 
 
 
 
 Step: 3 Upload XML Metadata to Right Hand Portal
 
 1. Return to the Right-Hand portal and click Settings from the left-hand menu. Go to the Integrations tab and click Add New. Under IdP, select Add Another IDP Integration. Enter 'Rippling SSO' as the Entra IdP Integration Name. Then click Browse, upload the Federation Metadata XML file, and click Save.
 
 
 
 Step: 4 Test SSO
 1. Go directly to the RightHand login page to initiate the SSO login flow.
 2. Click Single Sign-On (SSO), enter your email address, and log in.
 
 
 
 Troubleshoot
 If you see the error below, go to the RH custom app → Employee status → click Grant access to the user.

How to configure Rippling?

Release Notes

Developers

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

How to configure Rippling?

Table of contents

Step 1: Log in to Rippling and Create a New SAML App

Step 2: RH Custom SSO App Integration

Step: 3 Upload XML Metadata to Right Hand Portal

Step: 4 Test SSO

Troubleshoot