## Create SAML application with Rippling

This guide outlines the steps to create and configure a SAML application in Rippling, including setup, user assignments, and testing.

### Step 1: Create SAML application

1. Log in to your Rippling dashboard and click **IT → Third-Party Access** in the left sidebar.


![google](/assets/rippling-1.4b37c398b83b87adaa62aeb7a59f660ddeaa9ae14f56bdee9d346ed43661459a.dba07de7.png)

1. Choose **Add integration → Create a new custom integration**.
2. Enter the name of your application, select the required categories, and upload the required logo.
3. Select **Single Sign-on (SAML)** as the application type.
4. Click **Continue**.


![google](/assets/rippling-2.b003723e0e1af28e01853c7cbf3d07f82825307d05ab407cfe7202423e096b3b.dba07de7.png)

![google](/assets/rippling-3.e539aa90564de1730505f47629640aa2a0d097741de97c7b095cff3544ad9e84.dba07de7.png)

1. Select **Yes, I'll install this integration** and click **Continue**.


### Step 2: Set up Single Sign-On for the application

1. Scroll down to the **Assertion Consumer Service URL** and **Service Provider Entity ID** fields, and paste the values that are provided by your service provider into their corresponding inputs (ACS URL and SP Entity ID) in Rippling:


![google](/assets/google-5.9272286685be93137a94dfffaf0a1270bdc63ddf82f08151a1bbec989b45e1f1.dba07de7.png)

br
![google](/assets/rippling-4.3e39aa5cd7a70df0e3c1a83beb7d0c25947dc098167999d1eb3089d50dce4f0f.dba07de7.png)

1. Click **Move to Next Step**.


### Step 3: Set up access

1. Select the access permissions based on your requirements. By default, choose **Everyone except contractors should have an account**.


![google](/assets/rippling-5.b061cab52104a86ef283a107bffcb7be7e4399b0bbf5097668b68952259edad1.dba07de7.png)

1. Click **Continue**.
2. Set the access timing according to your requirements. By default, set **As soon as they've signed their offer letter or agreement**.


![google](/assets/rippling-6.e14735dbf1a129d33dda78ac492a452dbec456546a35b320345acf063a866a91.dba07de7.png)

1. Click **Continue**.
2. Select the shared admin SSO, depending on your requirements. By default, set **Let [ACCOUNT_NAME] admins sign in to [APP_NAME] admin account** and provide the email address of the admin.


![google](/assets/rippling-7.4aec5b5e39fc49c2a97167d0676384b74d7250a2b41c438d7031a66a6482c0bc.dba07de7.png)

1. Click **Continue**.


### Step 4: Create group attribute

1. Click **Create new attribute value**.
2. If required, provide the optional attribute description.
3. If required, set the group attribute options.


![google](/assets/rippling-8.a8c2508959e8e86526751a92fc241326421e6ffdd4aa4deb7fc64de9b45b3017.dba07de7.png)

1. Fill in the attribute value name, assign the people to be included in the group and click **Save**.


### Step 5: Update identity provider details

1. To complete the implementation of SAML SSO, you need to provide the application with your identity provider's metadata. To complete this step you may need to go back to the SSO settings from **Step 2**.


#### Automatic configuration

- Scroll down to the **IdP metadata URL** tab of the SAML app you just created.
- Copy the **IdP metadata URL** and paste it below.


![onelogin](/assets/onelogin-14.42b404b40982623f6a5810936ce27b7bd4ca2b23a2f79570cfd244aad67c33e0.dba07de7.png)

#### Manual configuration

- Copy the value of the **Single Sign-on URL** and **X.509 Certificate** fields, and then paste them into the appropriate fields in the form below.


![onelogin](/assets/onelogin-16.6007ca9b9df24eebaeb151443a470ae3afe44ef229bb61b75a03102487883ccc.dba07de7.png)

### Step 6: Proceed with domain claiming and role assignment

1. Click on **Proceed with domain claiming and role assignment** to confirm the completion the configuration of the IDP form.
2. Follow the instructions in the [Self-service SAML configuration](/ciam/guides/authentication/sso/self-service/saml#claim-domain) guide to complete this step and manage authorization.