How to integrate Risk Cloud with your SAML 2.0 IdP
Risk Cloud supports Single Sign-on (SSO) using the SAML 2.0 protocol.
Non-Okta Single-Sign On
Your Customer Success Manager can provide you with a copy of your metadata file if necessary. If you'd like to pull the
The key inputs for your IDP will be structured as follows, where <SUBDOMAIN> is the part of your Risk Cloud URL before '.logicgate.com'.
Note: If your Risk Cloud environment is hosted in the EU, you will need to replace sso.logicgate.com in the URLs above with auth-eu.logicgate.com.
Entity ID (aka Audience URI):
User Identifier: Email Address
Namespaces (for Azure AD): please leave namespaces blank if using Azure to configure SSO
Once these settings have been updated on your IDP, Risk Cloud will need your metadata file to proceed with the SSO activation.
To update SSO yourself, go to the Admin > Integrations page in Risk Cloud. On the Integrations page, enable SSO using the toggle.
Once the toggle is enabled, click the 'Edit Configuration' option to open the 'Configure Single Sign On' modal. If needed, download the SP metadata to be uploaded to your IDP. Once the IDP metadata is generated, upload it into the gray box and your SSO will be ready to go.
Azure Single-Sign On
It is important not to use the LogicGate app in the Azure Marketplace. You must create a custom app in Azure for LogicGate and follow the same steps detailed above for 'Non-Okta' Single Sign On.
OneLogin Single-Sign On
To enable Single-Sign On for OneLogin, follow the same steps as above for 'Non-Okta' Single Sign On.
The only distinction for OneLogin setup is that the Recipient field of your IDP should be set to the same value as the ACS URL field.
Okta Single-Sign On
In Okta, please follow these steps:
Go to Applications
Click 'Add Application'
Search for 'LogicGate'
Click 'Add' next to the LogicGate results
On the 'Sign On' tab, click 'Edit'
Enter the ACS URI and Audience URI listed above
Once these settings have been updated on your IDP, LogicGate will need your metadata file to proceed with the SSO activation. To obtain the XML metadata file click "Identity Provider Metadata" and download the file. Send this file to your Customer Success Manager who will then complete the setup.
Reach out to firstname.lastname@example.org if you have any questions!