RIVET SSO: Microsoft Entra ID

Use Single Sign On Functionality with RIVET

Identity Provider (IdP) Setup

These are instructions for setting up Rivet SAML SSO with Entra ID (formerly Active Directory). While setting up your SSO connection, keep your Entra ID portal tab and RIVET Security tab open so you can move back and forth easily.

For additional documentation, you can also reference Entra ID's website here: https://learn.microsoft.com/en-us/entra/identity/

Step 1: Create a new Entra application for RIVET

  1. In RIVET, go to Manage Org using the settings gear in the top right, then select the Security tab

  2. In the Identity Provider section click Microsoft Entra from the dropdown

  3. Sign in to the Entra ID portal. On the left navigation pane, select the Identity dropdown

  4. Navigate to Applications > Enterprise Applications

  5. Click New Application

  6. Click Create your own application

  7. Select “Integrate any other application you don’t find in the gallery (Non-gallery)”, which is the default option

  8. Enter the name of your app (e.g. RIVET SSO)

  9. Click Create

  10. Once the application is created, navigate to Single Sign-on

  11. Click SAML as the single sign-on method

  12. Click Add Identifier

    1. Add a unique identifier (copied from the Entity ID field in Rivet): https://api.rivet.work/auth/signin/saml
    2. Add the reply URL (copied from the Reply URL field in Rivet): https://api.rivet.work
  13. Click Save

Step 2: Enter SAML SSO Settings in Rivet

  1. In RIVET, go to Manage Org using the settings gear in the top right, then select the Security tab

  2. You will need to enter and save two fields: the IDP XML Metadata Url and the Authorized Domain field.

  3. The IDP XML Metadata URL can be found in Entra ID, under the Single Sign-On Tab for the application you just created. There, find the field named App Federation Metadata Url under the SAML Certificates section.

  4. Copy this URL and paste it into the IDP XML Metadata Url field within Rivet.

  5. Next, enter your Authorized Domain in Rivet and click Save.

    • This is the domain your employer uses for your email address assignments (e.g. if your email is jake@acmecontracting.com, your domain is acmecontracting.com)

Note: this domain must be unique among all Rivet registered organizations and cannot be a common domain such as gmail, yahoo, outlook, etc.

Step 3: Confirm RIVET app Configuration in Entra ID

  1. In the Entra portal, navigate to the RIVET Application Page, and select Single sign-on from the side menu
  2. In the Attributes & Claims section, confirm the required claims are set to:
    • givenname: user.givenname
    • surname: user.surname
    • emailaddress: user.mail
    • name: user.userprincipalname
    • Unique User Identifier (Name ID): user.userprincipalname

Step 4: Assign users to RIVET

  1. In the Entra portal, select Enterprise Applications, and then select All applications. In the applications list, select Rivet.
  2. In the app's overview page, find the Manage section and select Users and groups.
  3. Select Add user/group, then select Users and groups in the Add Assignment dialog.
  4. In the Users and groups dialog, select all applicable Users and Groups to assign access to RIVET, then click the Select button at the bottom of the screen.
  5. In the Add Assignment dialog, click the Assign button.

Step 5: Verify the SSO Configuration in RIVET

  1. You’ll see a banner on the RIVET Security page instructing you to verify your SSO configuration.

  2. Log out of RIVET

  3. Log back in by selecting Use Single Sign-on, using the email address for your Rivet account under your authorized domain.
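
If the test sign-in fails, the added example below (not RIVET's or Microsoft's code) checks a decoded SAML assertion against the values from Steps 1 to 3: the required claims, the Entity ID as audience, and the Reply URL as recipient. It assumes Entra's default claim namespace and that the Name ID should fall under your Authorized Domain; the function names and the sample assertion are constructed for illustration.

```python
# Added example; function names are illustrative, not part of RIVET or Entra.
import xml.etree.ElementTree as ET

NS = {"s": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = ("givenname", "surname", "emailaddress", "name")  # Step 3 claims
ENTITY_ID = "https://api.rivet.work/auth/signin/saml"  # Step 1 identifier
REPLY_URL = "https://api.rivet.work"                   # Step 1 reply URL


def build_sample(name_id, attrs, audience=ENTITY_ID, recipient=REPLY_URL):
    """Build a constructed test assertion (not captured from a real tenant)."""
    rows = "".join(
        f'<s:Attribute Name="{CLAIMS}{key}"><s:AttributeValue>{value}'
        "</s:AttributeValue></s:Attribute>" for key, value in attrs.items())
    return (
        f'<s:Assertion xmlns:s="{NS["s"]}"><s:Subject><s:NameID>{name_id}'
        "</s:NameID><s:SubjectConfirmation><s:SubjectConfirmationData "
        f'Recipient="{recipient}"/></s:SubjectConfirmation></s:Subject>'
        f"<s:Conditions><s:AudienceRestriction><s:Audience>{audience}"
        "</s:Audience></s:AudienceRestriction></s:Conditions>"
        f"<s:AttributeStatement>{rows}</s:AttributeStatement></s:Assertion>")


def check_assertion(xml_text, authorized_domain):
    """Return a list of configuration problems; an empty list means none found.

    Checks mapping only. It does not verify the XML signature, so use it on a
    test sign-in from your own tenant, never as a trust decision.
    """
    root = ET.fromstring(xml_text)
    suffix = "@" + authorized_domain.lower()
    problems = []
    attrs = {a.get("Name"): a.findtext("s:AttributeValue", "", NS).strip()
             for a in root.iterfind(".//s:Attribute", NS)}
    # An empty source attribute (e.g. no user.mail) can leave the claim out.
    for short in REQUIRED:
        if not attrs.get(CLAIMS + short):
            problems.append(f"missing or empty claim: {short}")
    name_id = root.findtext(".//s:NameID", "", NS).strip()
    if not name_id.lower().endswith(suffix):
        problems.append("Name ID is outside the authorized domain")
    if root.findtext(".//s:Audience", "", NS).strip() != ENTITY_ID:
        problems.append("Audience does not match the Entity ID")
    conf = root.find(".//s:SubjectConfirmationData", NS)
    if conf is None or conf.get("Recipient") != REPLY_URL:
        problems.append("Recipient does not match the Reply URL")
    return problems
```

An empty result means the claim mapping and URLs line up with this guide; each returned string points at the Entra setting to revisit.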