Enterprise SSO
Configure SAML 2.0 single sign-on for your workspace. Requires Enterprise plan.
Enterprise workspaces can use SAML 2.0 SSO to authenticate members through a corporate identity provider (IdP) — such as Okta, Azure AD, or Google Workspace.
Requirements
- Enterprise plan
- Owner or Admin role in your Ringo workspace
- Access to your company's identity provider admin console
Setup
Step 1 — Open SSO settings
Go to Settings → SSO in Ringo.
Step 2 — Register Ringo as a Service Provider in your IdP
You'll need to provide your IdP with two values from Ringo:
| Value | Where to find it |
|---|---|
| SP Metadata URL | Shown in Settings → SSO after saving |
| ACS URL | https://ringoai.app/api/auth/saml/callback |
In your IdP admin console, create a new SAML application and enter the above values.
Step 3 — Enter IdP details in Ringo
Back in Settings → SSO, fill in:
- IdP Entity ID — from your IdP configuration
- IdP SSO URL — the sign-in URL from your IdP
- IdP X.509 Certificate — the PEM certificate from your IdP
Click Save Configuration.
Step 4 — Test SSO
Sign out of Ringo and try signing in with SSO using your work email. If the configuration is correct, you'll be redirected to your IdP, and returned to Ringo after successful authentication.
Enforce SSO
Enabling Enforce SSO in Settings → SSO requires all workspace members to sign in through SSO. Email and Google login are disabled.
Test SSO login before enabling enforcement to make sure it works for your team. Locking out members requires contacting support to resolve.
Auto-provision new users
When enabled, Ringo automatically creates accounts for users from your IdP who sign in for the first time — no manual invitation required.
Disabling SSO
Contact contact@ringoai.app to disable SSO for your workspace.