How to integrate Risk Cloud with your SAML 2.0 IdP
Risk Cloud supports Single Sign-on (SSO) using the SAML 2.0 protocol.
Note: You must be a Risk Cloud Admin to enable or configure your organization's SSO.
Non-Okta Single-Sign-On (SSO)
Your Customer Success Manager can give you a copy of your metadata template XML file if needed. If you'd like to pull the values yourself, the critical inputs for your IDP are structured as follows, where <SUBDOMAIN> is the part of your Risk Cloud URL before '.logicgate.com'.
Entity ID (Audience URI):
User Identifier: Email Address
- Namespaces (for Azure AD): Leave namespaces blank if using Azure to configure SSO
Once these settings have been updated on your IDP, Risk Cloud will need your metadata file to activate SSO.
Enable and Configure SSO in Risk Cloud
1. If you are an Admin User and want to enable SSO, go to Risk Cloud's Admin > Integrations page.
2. On the Integrations page, enable SSO using the toggle.
3. Once the toggle is enabled, click the 'Edit Configuration' option to open the 'Configure Single Sign On' modal.
- If needed, download the SP metadata to be uploaded to your IDP. Once the IDP metadata is generated, upload it into the gray box, and your SSO will be ready.
It is essential that you do not use the LogicGate app in the Azure Marketplace. You'll need to create a custom app in Azure for LogicGate and follow the steps for 'Non-Okta' Single Sign-On detailed above.
The same steps should be followed to enable Single-Sign-On for OneLogin as for 'Non-Okta' Single Sign-On.
The only distinction for the OneLogin setup is that the Recipient field of your IDP should be the same as the ACS URL field.
In Okta, please follow these steps:
Go to Applications
Click 'Add Application'
Search for 'LogicGate'
Click 'Add' next to the LogicGate results
On the 'Sign On' tab, click 'Edit.'
Enter the ACS URI and Audience URI listed above
Once these settings have been updated on your IDP, LogicGate will need your metadata file to proceed with the SSO activation. Send this file to your email@example.com, who will complete the setup.
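When a test login fails after setup, the usual cause is that the assertion your IDP issues does not carry the settings described above: the Audience must be the Entity ID, the User Identifier must be an email address, and (as noted for OneLogin) the Recipient must equal the ACS URL. The following is an added troubleshooting example, not LogicGate's code; `check_response` is a hypothetical helper and the `example.invalid` URLs are placeholders for the values in your own SP metadata.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Placeholders (assumptions): copy the real values from your SP metadata.
EXPECTED_ENTITY_ID = "https://sp.example.invalid/entity-id"
EXPECTED_ACS_URL = "https://sp.example.invalid/acs"

# Constructed sample of a base64-decoded SAML Response (signature omitted).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID>jane.doe@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://sp.example.invalid/acs"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.invalid/entity-id</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, entity_id=EXPECTED_ENTITY_ID, acs_url=EXPECTED_ACS_URL):
    """Return a list of IDP configuration mismatches (empty list = fields line up)."""
    # Not a signature check; run it on a test assertion from your own IDP only.
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} lacks Entity ID {entity_id}")
    recipients = [d.get("Recipient")
                  for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if not recipients or any(r != acs_url for r in recipients):
        problems.append(f"Recipient {recipients} differs from ACS URL {acs_url}")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    value = (name_id.text or "").strip() if name_id is not None else ""
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", value):
        problems.append(f"NameID {value!r} is not an email address")
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE) or "Audience, Recipient and NameID match")
```

A browser SAML tracer extension or your IDP's preview feature can supply the decoded response to paste in place of `SAMPLE`.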