Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.tryrisotto.com/llms.txt

Use this file to discover all available pages before exploring further.

Dashboard Authentication Setup

Configure Single Sign-On (SSO) for your Risotto dashboard to enable secure, seamless authentication using your organization’s existing identity provider.
Contact Risotto Support: SSO configuration requires enablement by Risotto support. Contact your account representative or support@tryrisotto.com to activate SSO for your organization before beginning setup.

Prerequisites

Before configuring SSO, ensure you have:
  • Administrative access to your identity provider
  • SSO enabled by Risotto support team

Supported Identity Providers

Overview

Configure SAML-based authentication using Okta Workforce Identity to allow your users to sign into the Risotto dashboard with their Okta credentials.

Supported Features

The Risotto SAML integration supports the following Okta features:
  • SP-initiated SSO — Users sign in from the Risotto dashboard and are redirected to Okta to authenticate.
  • IdP-initiated SSO — Users launch Risotto directly from their Okta End-User Dashboard.

Step 1: Request Risotto Support to Enable SSO

  1. Reach out to Risotto Support and request to enable Dashboard SSO via Okta.
  2. Risotto Support will provide your risotto_org_id.
Your risotto_org_id is the unique identifier for your Risotto organization. Okta uses it to link the Risotto catalog app to your account. You enter this value when adding the app in Step 2, so keep it on hand.

Step 2: Add the Risotto App from the Okta Catalog

  1. Sign in to your Okta Admin Console
  2. Navigate to Applications > Applications
  3. Click Browse App Catalog
  4. Search for Risotto and select it from the results
  5. Click Add Integration
  6. In the app’s configuration settings, enter the risotto_org_id that Risotto Support provided in Step 1
Aside from your risotto_org_id, the Risotto catalog integration is preconfigured with all required SAML settings, attribute statements, and Name ID format. There is no other manual SAML configuration to complete — you only need to share your metadata with Risotto (see Step 4).

Step 3: Assign Users and Groups

  1. Navigate to the Assignments tab of your Risotto app
  2. Click Assign > Assign to Groups or Assign to People
  3. Select the users/groups who should have access to Risotto
  4. Click Done

Step 4: Share Metadata URL with Risotto Support

  1. In Okta, go to the Sign On tab of your Risotto app
  2. Copy the Metadata URL from the SAML setup instructions
  3. Share the Metadata URL with the Risotto team
  4. Request the Risotto team to enforce SSO for your organization

Testing

Test the integration by:
  1. Opening an incognito/private browser window
  2. Navigating to your Risotto dashboard
  3. Clicking Sign in with Okta
  4. Verifying successful authentication and access

Overview

Google Workspace offers two authentication methods for the Risotto dashboard: Sign in with Google (OAuth) for simple setups, or SAML for enterprise requirements.Best for: Organizations wanting quick setup with Google OAuth
  1. Navigate to Risotto Dashboard > Settings > Authentication
  2. Click Add SSO Connection
  3. Select Google (OAuth)
  4. Enter your Google Workspace domain
  5. Click Configure with Google
  6. Complete the OAuth authorization flow with a Google Workspace admin account
  7. Enable the connection
Benefits of OAuth:
  • Simple one-click setup
  • Automatic user provisioning
  • Built-in MFA support through Google
  • No certificate management required

Option 2: Google SAML Configuration

Best for: Organizations requiring SAML compliance or advanced attribute mapping

Step 1: Create SAML Connection in Risotto

  1. Navigate to Risotto Dashboard > Settings > Authentication
  2. Click Add SSO Connection
  3. Select Google (SAML)
  4. Enter your email domain and connection name
  5. Note the Single Sign-On URL and Audience URI

Step 2: Configure SAML App in Google Admin

  1. Sign in to your Google Admin Console
  2. Navigate to Apps > Web and mobile apps
  3. Click Add app > Add custom SAML app
App Details:
  • App name: Risotto Dashboard
  • Description: SSO access to Risotto IT automation platform
Google Identity Provider Details:
  • Download the certificate and note the SSO URL
Service Provider Details:
  • ACS URL: Use Single Sign-On URL from Risotto
  • Entity ID: Use Audience URI from Risotto
  • Start URL: Leave blank
  • Signed response: Checked
  • Name ID: Basic Information > Primary email
Attribute Mapping:
Google Directory attributesApp attributes
Primary emailmail
First namefirstName
Last namelastName

Step 3: Complete Configuration

  1. Return to Risotto dashboard
  2. Upload the Google SAML certificate
  3. Enter the Google SSO URL
  4. Save and enable the connection

Overview

Configure SAML-based authentication using Microsoft Entra ID (formerly Azure AD) to enable secure dashboard access for your organization.

Step 1: Create SAML Connection in Risotto

  1. Navigate to Risotto Dashboard > Settings > Authentication
  2. Click Add SSO Connection
  3. Select Microsoft Entra ID (SAML)
  4. Enter your email domain and connection name
  5. Note the Single Sign-On URL and Audience URI

Step 2: Configure Enterprise Application in Entra ID

  1. Sign in to the Azure Portal
  2. Navigate to Microsoft Entra ID > Enterprise Applications
  3. Click New application > Create your own application
  4. Name it Risotto Dashboard and select Integrate any other application
Single Sign-On Configuration:
  1. Select SAML as the SSO method
  2. Click Edit in the Basic SAML Configuration section
Basic SAML Configuration:
  • Identifier (Entity ID): Use Audience URI from Risotto
  • Reply URL (Assertion Consumer Service URL): Use Single Sign-On URL from Risotto
  • Sign on URL: Your Risotto dashboard URL
  • Relay State: Leave blank
User Attributes & Claims:
Claim nameSource attribute
emailaddressuser.mail
givennameuser.givenname
surnameuser.surname

Step 3: Assign Users and Groups

  1. Navigate to Users and groups in your Enterprise Application
  2. Click Add user/group
  3. Select users or groups that should have Risotto access
  4. Click Assign

Step 4: Complete Risotto Configuration

  1. In Azure, go to Single sign-on > SAML Certificates
  2. Download the Certificate (Base64)
  3. Copy the Login URL
  4. Return to Risotto dashboard configuration
  5. Upload the certificate and enter the Login URL
  6. Save and enable the connection

User Management

Provisioning

Risotto does not create accounts automatically through SSO — Just-In-Time (JIT) provisioning is not supported. Users must already have a Risotto account before they can sign in, so invite them to your Risotto organization first. Once a user exists, SSO matches them by email address and signs them in with their existing Risotto profile and permissions.

Deprovisioning

Account Suspension: Users removed from SSO assignments in your identity provider will lose access to Risotto. Ensure proper coordination between identity management and Risotto administration.