SSO Instructions

For users interested in SSO functionality, here is how to set it up.

These are instructions for setting up Rivet SAML SSO with Entra ID (formerly Active Directory). While setting up your SSO connection, keep your Entra ID portal tab and your Rivet Security tab open so you can switch between them easily.

For additional documentation, you can also reference Entra ID's website here: https://learn.microsoft.com/en-us/entra/identity/

Step 1: Create a new Entra application for RIVET

  1. Sign in to the Entra ID portal. On the left navigation pane, select the Identity dropdown
  2. Navigate to Applications > Enterprise Applications
  3. Click New Application
  4. Click Create your own application
  5. Select “Integrate any other application you don’t find in the gallery (Non-gallery)”, which is the default option
  6. Enter the name of your app (e.g. RIVET SSO)
  7. Click Create

  8. Once the application is created, navigate to Single Sign-on
  9. Click SAML as the single sign-on method
  10. Click Add Identifier
    1. Add a unique identifier (e.g. RivetWorkSSO)
    2. Add the reply URL: https://api.rivet.work
  11. Click Save

Step 2: Enter SAML SSO Settings in Rivet

  1. In RIVET, go to Manage Org using the settings gear in the top right, then select the Security tab
  2. Toggle on Enable SAML SSO
  3. You will need to enter and save two fields: the IDP XML Metadata Url and the Authorized Domain field.
  4. The IDP XML Metadata URL can be found in Entra ID, under the Single Sign-On Tab for the application you just created. There, find the field named App Federation Metadata Url under the SAML Certificates section.
  5. Copy this URL and paste it into the IDP XML Metadata Url field within Rivet.
  6. Next enter your Authorized Domain in Rivet and click Save.
    • This is the domain your employer uses for your email address assignments (e.g. if your email is jake@acmecontracting.com, your domain is acmecontracting.com)
    • Note: this domain must be unique among all Rivet registered organizations and cannot be a common domain such as gmail, yahoo, outlook, etc…

Step 3: Confirm RIVET app Configuration in Entra ID

  1. In the Entra portal, navigate to the RIVET Application Page, and select Single sign-on from the side menu
  2. In the Attributes & Claims section, confirm the required claims are set to:
    • givenname: user.givenname
    • surname: user.surname
    • emailaddress: user.mail
    • name: user.userprincipalname
    • Unique User Identifier (Name ID): user.userprincipalname

Step 4: Assign users to RIVET

  1. In the Entra portal, select Enterprise Applications, and then select All applications. In the applications list, select Rivet.
  2. In the app's overview page, find the Manage section and select Users and groups.
  3. Select Add user/group, then select Users and groups in the Add Assignment dialog.
  4. In the Users and groups dialog, select from the Users list, then click the Select button at the bottom of the screen.
  5. In the Add Assignment dialog, click the Assign button.
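
To confirm the Step 3 claim mapping and the Step 2 Authorized Domain before rolling out to users, you can inspect a decoded SAML assertion from a test sign-in. The script below is an added example, not Rivet or Microsoft code: the sample assertions are constructed, and it assumes the Authorized Domain should match the domain of the emailaddress claim (Rivet's own matching logic is not described on this page). It checks claim presence only and does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}
# Claims listed in Step 3, matched on the last path segment of the claim URI.
REQUIRED = ("givenname", "surname", "emailaddress", "name")

def check_assertion(xml_text, authorized_domain):
    """Return a list of problems in a decoded SAML assertion (empty list = OK)."""
    root = ET.fromstring(xml_text)
    if root.tag == f"{{{SAML}}}Assertion":
        assertion = root
    else:
        assertion = root.find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element"]
    claims = {}
    for attr in assertion.iterfind(".//saml:Attribute", NS):
        short = attr.get("Name", "").rsplit("/", 1)[-1].lower()
        value = attr.findtext("saml:AttributeValue", default="", namespaces=NS)
        claims[short] = value.strip()
    problems = [f"missing or empty claim: {c}" for c in REQUIRED if not claims.get(c)]
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    if not name_id.strip():
        problems.append("missing NameID")
    # Assumption: the Authorized Domain is compared against the emailaddress claim.
    mail = claims.get("emailaddress", "")
    if mail and not mail.lower().endswith("@" + authorized_domain.lower()):
        problems.append(f"emailaddress is outside authorized domain: {mail}")
    return problems

def sample(mail):
    """Build a constructed, unsigned assertion; mail=None omits the emailaddress claim."""
    uri = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
    upn = "jake@acmecontracting.com"
    vals = {"givenname": "Jake", "surname": "Doe", "emailaddress": mail, "name": upn}
    attrs = "".join(
        f'<Attribute Name="{uri}{k}"><AttributeValue>{v}</AttributeValue></Attribute>'
        for k, v in vals.items() if v)
    return (f'<Assertion xmlns="{SAML}"><Subject><NameID>{upn}</NameID></Subject>'
            f'<AttributeStatement>{attrs}</AttributeStatement></Assertion>')

if __name__ == "__main__":
    for mail in ("jake@acmecontracting.com", None, "jake@gmail.com"):
        print(mail, "->", check_assertion(sample(mail), "acmecontracting.com") or "OK")
```

The second sample covers a test user whose mail attribute is empty in Entra ID, in which case the emailaddress claim mapped to user.mail has no value to send.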