Using Security Assertion Markup Language (SAML), your users can sign in to Rise Vision using SSO with a supported identity provider. Any SAML identity provider should work. We've currently validated with Microsoft Entra (formerly Azure), Google Workspace, and ClassLink.
Only sign-in is supported with SSO. Provisioning and user roles are not supported.
Enable and set up SSO
You can access your SSO settings in your account’s Company Settings. You must be an administrator to view and edit SSO settings.
- Log in to your account at risevision.com
- Click on your username in the top right-hand corner of the screen
- Choose “Company Settings”
- The SSO options will appear on the right-hand side of the settings page
Before enabling SSO, make sure to set up Rise Vision as a custom SAML app in your identity provider.
The details you need are here:
- Assertion Consumer Service URL: https://rvaserver2.appspot.com/sso/acs
- Service Provider Entity ID:
Once you’ve set this up, you can click on the toggle to enable SSO and fill in the details from your identity provider.
The X.509 Certificate is not a file that needs to be uploaded, but instead a long block of text that begins with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----.
By default, using SSO is optional for your users. Enable the “Force SSO Sign-on” option to require all non-admin users to sign in using SSO.
To avoid a lockout situation, users with the “System Administrator” permission can always sign in using their secure Rise Vision password instead of SSO.
Enabling SSO for Sub-Companies
SSO users work just like password-authenticated users in that they retain their permissions in all sub-companies nested below their company. You can find out more about sub-companies and how they work in this article.
SSO settings do not cascade down to sub-companies automatically. To use SSO with sub-company users, each sub-company should have SSO enabled and configured.
Supported Identity Providers
The respective help center articles for our supported identity providers are linked below:
- Microsoft Entra
- Google Workspace
- ClassLink
  - Some users have found the additional info in this article helpful for building your certificate for ClassLink.
Common Questions
Do you do attribute mapping or auto-provisioning?
No, we do not. Users still need to be added to Rise Vision manually, with an email address matching the email domain used with SAML/SSO.
Can you provide us with some metadata?
Using this SAML Developer Tool, we have the following metadata for you:
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     validUntil="2024-02-10T15:36:43Z"
                     cacheDuration="PT604800S"
                     entityID="https://rvaserver2.appspot.com/sso/sp">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                                 Location="https://rvaserver2.appspot.com/sso/acs"
                                 index="1" />
  </md:SPSSODescriptor>
  <md:Organization>
    <md:OrganizationName xml:lang="en-US">Rise Vision Inc.</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="en-US">Rise Vision</md:OrganizationDisplayName>
    <md:OrganizationURL xml:lang="en-US">https://www.risevision.com</md:OrganizationURL>
  </md:Organization>
</md:EntityDescriptor>
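Before loading this metadata into your identity provider, you can check what it declares. The script below is an added example, not Rise Vision's code: it reads the entity ID, ACS endpoint and signing flag, and flags an expired `validUntil`. The names `review_sp_metadata`, `SAMPLE` and `HTTP_POST` are chosen for illustration, and it assumes HTTP-POST is the expected binding, as in the metadata above.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: trimmed copy of the SP metadata shown above.
SAMPLE = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    validUntil="2024-02-10T15:36:43Z"
    entityID="https://rvaserver2.appspot.com/sso/sp">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://rvaserver2.appspot.com/sso/acs" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def review_sp_metadata(xml_text, now=None):
    """Return (summary, findings) for a SAML 2.0 SP metadata document."""
    now = now or datetime.now(timezone.utc)
    # Fine for a document you copied yourself; use a hardened parser
    # (e.g. defusedxml) for metadata fetched from an untrusted source.
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or sp is None:
        raise ValueError("not SAML 2.0 SP metadata")
    acs = [(a.get("Binding"), a.get("Location"))
           for a in sp.findall("md:AssertionConsumerService", NS)]
    summary = {
        "entity_id": root.get("entityID"),
        "acs": acs,
        "want_assertions_signed": sp.get("WantAssertionsSigned") in ("true", "1"),
    }
    findings = []
    valid_until = root.get("validUntil")
    if valid_until:
        expiry = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
        if expiry <= now:
            findings.append("metadata expired on " + valid_until)
    for binding, location in acs:
        if not (location or "").startswith("https://"):
            findings.append("ACS endpoint is not HTTPS: %s" % location)
        if binding != HTTP_POST:
            findings.append("unexpected ACS binding: %s" % binding)
    if not summary["want_assertions_signed"]:
        findings.append("SP does not request signed assertions; confirm IdP signing")
    return summary, findings
```

Call `review_sp_metadata(SAMPLE)` with no `now` argument to evaluate the expiry against the current time.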