SSO is available only on RocketReach Enterprise plans. If you are interested in enterprise pricing, you can contact us here.
|Service Provider (SP)||A vendor that provides services to your organization. In the context of SSO, the SP is RocketReach.|
|Identity Provider (IdP)||A company that provides user authentication services. IdPs manage whether an employee can access a SP such as RocketReach or other applications. Okta and OneLogin are two common IdPs.|
|Security Assertion Markup Language (SAML)||The language the IdP and SP communicate with. RocketReach follows the SAML 2.0 technical specification to exchange information with your organization's IdP.|
|Attributes||Information about an employee that an IdP uses for authentication. RocketReach requires 4 attributes: First Name, Last Name, Email, and Name ID.|
|Assertion||An assertion is made up of one or more statements. RocketReach requires certain attribute statements in our assertions.|
SAML and How it Works
SAML (Security Assertion Markup Language) is an XML standard that allows secure web domains to exchange user authentication and authorization data. You can configure RocketReach to use an external identity provider (IdP) to authenticate users over SAML 2.0. No user credentials are stored with RocketReach.
Single sign-on through SAML
Advantage of SSO
The advantage to using enterprise single sign-on is that you have complete control over your users, behind your firewall. You authenticate your users once, against your own user authentication system, and then grant them access to resources both inside and outside of your firewall. This also means that your user management is performed outside of RocketReach, but your corporate user authentication system is still synced with RocketReach. So if you add a user account for a new employee, they will have immediate access to RocketReach. Similarly, if you delete a user account that employee will no longer have access to your RocketReach account.
Please note that despite blocking the user’s access to your RocketReach account within your IDP, you will still need to remove the user’s account from RocketReach manually.