SSO and SAML Setup

SSO replaces per-user passwords with your identity provider, handles MFA centrally, and revokes access from one place. Worth the setup for any org over about 20 users.

Supported providers

Any SAML 2.0 or OIDC provider works, including Okta, Microsoft Entra ID, Google Workspace, OneLogin, Auth0, and generic SAML 2.0.

Setup at a glance

1. 01Go to Settings then SSO then New connection and pick your provider.
2. 02Rivolq generates an SP metadata URL and ACS URL for your IdP admin.
3. 03Your IdP admin configures Rivolq as a SAML application and returns an IdP metadata URL or XML.
4. 04Paste the IdP metadata into Rivolq.
5. 05Configure attribute mapping.
6. 06Test with one user before rollout.

Attribute and group mapping

Map email to the IdP email or mail field, full name to displayName or cn, and role from group membership. Map IdP groups such as rivolq-admins, rivolq-engineers, and rivolq-viewers to Rivolq roles, so role management happens in your IdP.

Domain verification and enforcement

Verify your domain via a DNS TXT record before enabling enforcement. Choose Optional, Required for SSO domain, or Required for all. Keep a non-SSO emergency admin so you do not lock yourself out. SCIM provisioning under Settings then SSO then SCIM provisioning adds full account lifecycle management. Test with a non-admin first and roll out in phases.