Skip to content
English
Contact us
  • There are no suggestions because the search field is empty.

Ripple SSO Setup and API Access

When SSO Is Needed:

SSO is typically required or strongly recommended in the following situations when using Ripple (or any research platform handling patient data):

  1. Institutional or HIPAA-compliant environments

    • Universities, hospitals, or research centers that manage Protected Health Information (PHI) often require SSO to meet HIPAA, 21 CFR Part 11, or institutional IT policies.

  2. Large teams with multiple user roles

    • SSO simplifies identity and access management by allowing users to log in using their institutional credentials (e.g., their university or hospital login).

  3. Compliance with internal security frameworks

    • Organizations with IT departments that enforce centralized identity and security policies often require SSO integration to maintain auditability, access control, and password standards.

  4. Sites requiring automatic account provisioning or deactivation

SSO can integrate with an organization's identity provider (e.g., Okta, Microsoft Azure AD) to automatically manage user access as staff join or leave.

Enabling Single Sign-On (SSO) in Ripple

Ripple supports integration with Single Sign-On (SSO) using the SAML 2.0 protocol, allowing your organization to authenticate users through your existing Identity Provider (IdP). This enhances security, simplifies login management, and improves the user experience by enabling access to Ripple through a centralized login.

By default, Ripple users log in using a unique email and password combination specific to their Ripple site. However, SSO can be enabled for teams that prefer to authenticate users through their own IdP.

Ripple supports a minimum of TLS version 1.2 and is compatible with TLS 1.3 for secure communication.

SSO Configuration Requirements

To enable SSO on your Ripple site, our team will collaborate with your technical team to exchange the necessary credentials. The following information is required:

  • Identity Provider (IdP) Certificate(s) and public key(s)

  • Metadata URL(s) for the IdP or Service Provider

  • SSO Login and Logout Endpoints from your IdP

  • Assertion Consumer Service (ACS) URL provided by Ripple

Once this information is shared, Ripple will complete the configuration and testing to enable SSO for your users.

API Access for SSO-Enabled Sites

For teams using SSO, API access requires a secondary, dedicated user account. This is because API authentication is managed separately from SSO logins.

Steps to Enable API Access:

  • Create a Secondary API User Account
     Format the email as: example_name+apitoken@youremail.com
  • User Generates a Password for the API Account
     This password will be inserted into the account by Ripple Support or your Site Admin.
  • Generate an Authorization Token
     Use the following command to create a base64-encoded token:
  • echo -n 'example_name+apitoken@youremail.com:<password>' | base64
  • Make API Requests Using cURL
     Once you have the token, use it in your API request. For example:

curl--header'Authorization:Basic<your auth token>''https://<your-ripple-site>/v1/export'      --data-raw 'export-type=global&export-timezone=America%2FChicago&globalId=on'> ~/RippleScience/example.csv


NOTE: SSO is a one-time configuration and subject to a setup fee. Your CSM will provide a customized quote based on your institution's needs.