Single Sign-On (SSO) lets your users sign in to Rise Vision using their existing identity provider credentials via Security Assertion Markup Language (SAML). This setup simplifies user access and management. Rise Vision supports any SAML-based identity provider and has been validated with Microsoft Entra, Google Workspace, Okta and ClassLink.
Instructions
1. Set Up SAML in Your Identity Provider
Before enabling SSO in Rise Vision, you must create a custom SAML app in your identity provider with the following settings:
- Assertion Consumer Service URL: https://rvaserver2.appspot.com/sso/acs
- Service Provider Entity ID: https://rvaserver2.appspot.com/sso/sp
2. Enable SSO in Rise Vision
- Log in to your account at risevision.com.
- Select Settings from the navigation tab on the left.
- Select SSO Settings.
- Select the Enable SAML Single Sign On (SSO) option to reveal several fields and options.
- Paste your identity provider SAML details into the SSO Provider ID and SSO Provider URL fields provided.
- For the X.509 Certificate, paste the entire text starting with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----.
3. Optional: Enforce SSO for Non-Admin Users
By default, users can choose to log in using a password or SSO. To require all non-admin users to use SSO:
- Enable the Require SSO for all users option.
Note: System Administrators can always log in with their password to prevent lockout situations.
4. Optional: User Provisioning Through Your Identity Provider
You can manage user details via your identity provider. Changes made there will be reflected in Rise Vision the next time a user signs in. To enable user provisioning:
- Toggle on the Enable SSO User Provisioning option.
- Supported User Attributes:
  - First Name
  - Last Name
  - Email (Username, Work Email)
  - User Roles: Teacher, Screen Share Moderator, Content Editor, Content Publisher, Display Administrator, System Administrator
- The following user attributes are NOT supported:
  - Company Role
  - Phone Number
  - Status
Removing Users
If a user is deleted from Rise Vision but not your identity provider, they will be automatically re-added on next SSO login. Always remove users from your IdP to fully revoke access.
Additional Documentation for User Provisioning
Behavior Notes
- SSO settings do not cascade to sub-companies automatically. To use SSO across sub-companies:
  - Manually enable and configure SSO in each sub-company’s settings.
  - Users retain their permissions across all nested sub-companies.
- Can you provide metadata for setup?
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://rvaserver2.appspot.com/sso/sp"
    validUntil="2026-09-22T00:00:00Z"
    cacheDuration="PT604800S">
  <md:SPSSODescriptor
      AuthnRequestsSigned="false"
      WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://rvaserver2.appspot.com/sso/acs"
        index="1"/>
  </md:SPSSODescriptor>
  <md:Organization>
    <md:OrganizationName xml:lang="en-US">Rise Vision Inc.</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="en-US">Rise Vision</md:OrganizationDisplayName>
    <md:OrganizationURL xml:lang="en-US">https://www.risevision.com</md:OrganizationURL>
  </md:Organization>
</md:EntityDescriptor>
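Before importing the metadata above into an identity provider, it can be checked against the values from step 1. The Python script below is an added example, not Rise Vision's code: it confirms the Entity ID and Assertion Consumer Service URL, flags an expired validUntil, and reports that WantAssertionsSigned is not set. The function name audit_sp_metadata and the finding messages are assumptions, and the embedded copy of the metadata omits the Organization block.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
# Values from step 1 of this page.
EXPECTED_ENTITY_ID = "https://rvaserver2.appspot.com/sso/sp"
EXPECTED_ACS = "https://rvaserver2.appspot.com/sso/acs"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# The metadata from this page, Organization block omitted for brevity.
SP_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://rvaserver2.appspot.com/sso/sp"
    validUntil="2026-09-22T00:00:00Z" cacheDuration="PT604800S">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://rvaserver2.appspot.com/sso/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def audit_sp_metadata(xml_text, now=None):
    """Return a list of (severity, message) findings for SP metadata."""
    now = now or datetime.now(timezone.utc)
    # Fine for this embedded sample; use a hardened parser for untrusted input.
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings = []
    if root.get("entityID") != EXPECTED_ENTITY_ID:
        findings.append(("error", "entityID does not match the documented SP Entity ID"))
    valid_until = root.get("validUntil")
    if valid_until:
        expiry = datetime.strptime(valid_until, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if expiry <= now:
            findings.append(("error", f"metadata expired at {valid_until}"))
    sp = root.find(f"{MD}SPSSODescriptor")
    if sp is None:
        return findings + [("error", "no SPSSODescriptor element")]
    acs = [(a.get("Binding"), a.get("Location")) for a in sp.findall(f"{MD}AssertionConsumerService")]
    if (POST_BINDING, EXPECTED_ACS) not in acs:
        findings.append(("error", "documented ACS URL with HTTP-POST binding not found"))
    for _binding, location in acs:
        if not (location or "").startswith("https://"):
            findings.append(("error", f"ACS endpoint is not HTTPS: {location}"))
    if sp.get("WantAssertionsSigned", "false") not in ("true", "1"):
        findings.append(("warn", "WantAssertionsSigned is not true: confirm the IdP signs the response or assertion"))
    return findings
```

Run it with `audit_sp_metadata(SP_METADATA)`; an empty list means no findings, and each entry is a `(severity, message)` pair.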