Integrate Rippling with Kisi
This is a Kisi-built integration, maintained and supported by Kisi.
The Rippling integration with Kisi allows you to automatically sync your Rippling accounts with Kisi, set up SSO, and simplify access control in your office.
Prerequisites
- a Kisi organization owner account
- a valid and activated SSO license
Before setting up the integration, ensure you are logged in as the Kisi organization owner and have a valid, activated SSO license. If these prerequisites are met and the SSO & SCIM option is still not visible on the dashboard, please reach out to Kisi Support for assistance.
Generate a Kisi API key
You need to have organization administrator or organization owner rights to create an API key. We recommend creating API keys from the organization owner's account, to avoid the API key becoming invalid when an organization admin loses their admin rights.
- Sign in to Kisi
- On the top right corner, click on your name and click on My Account
- Next, select the API tab and click on Add API Key
- Enter your name, your Kisi password, and your verification code and click Add
- Copy the API key shown on the screen and click Close
Set up the integration in Rippling
- Sign in to Rippling
- Search for Kisi and click Install
- Choose to install the integration, and reach the API key configuration page
- Paste the API key you generated into the designated field
- Choose who and when should have accounts in Kisi
- Continue; you will match your employees to accounts in Kisi later
- Choose the offboarding procedure
Continue to SSO setup in Rippling
- In Rippling, click Continue with single sign-on
- You'll see the SSO configuration page with:
- Metadata URL: Copy this URL for use in Kisi
- Organization domain field: You need to fill this with your Kisi organization domain
Configure SSO in Kisi
- In Kisi, navigate to settings icon > SSO & SCIM
- In the Metadata URL field, paste the metadata URL from Rippling
- Click Generate Certificate
- Click Save
- Copy your Organization domain from the general settings page
Complete and test SSO setup
- Return to the Rippling SSO configuration page
- In the organization domain field, paste your Kisi organization domain
- Click Save Details and move to the next step to finish the SSO configuration
- Choose whether to share Kisi admin privileges with the SSO
- Test the SSO connection by signing in to Kisi via Rippling
Configure group mapping and match users
Match user accounts
After completing the setup, you'll see a Matches page with three tabs showing user account matches:
- Matched accounts: Users with matching email addresses in both Rippling and Kisi
- No Kisi matches: Users that exist in Rippling but not in Kisi
- No Rippling account matches: Users that exist in Kisi but not in Rippling
Create Kisi accounts for Rippling users
For existing Rippling users who don't have Kisi accounts:
- Review the No Kisi matches tab
- Click on the 3 dots near each user's account you want to sync
- Select Create Kisi account
- Repeat for all desired users
Prepare groups in Kisi
Before mapping users, ensure your Kisi groups are properly configured with the necessary access rights. Rippling will fetch these groups from Kisi.
Map users to groups in Rippling
- In Rippling, open the group you want to configure
- Click Membership rules
- Configure membership criteria based on:
- User roles
- Locations
- Specific users
- Other Rippling fields (department, employment status, etc.)
- Save your membership rules
Only users who are mapped in Rippling AND have matching Kisi accounts will be placed in the correct groups. Ensure all desired users have been matched.
Newly added users in Rippling will be automatically added to the correct groups based on the membership rules and their newly created Rippling account. However, changes to membership rules in Rippling may not immediately sync to Kisi. Admins should always double-check that group membership changes have been correctly pushed from Rippling to Kisi, and manually update or re-sync if necessary.
Flexible authentication: SSO or password
Kisi organizations with Single Sign-On (SSO) enabled can, if needed, also enable authentication with password for users. If enabled, the user will be able to log in with email and password. If the user is in the organizations' IdP directory, an SSO login will also be available.
User removal impact on event logs
If you're utilizing a Single Sign-On (SSO) platform and an employee is removed, upon reviewing the Event history, the logs related to that user will continue displaying the user's name, even though they've been removed from the system.