Skip to main content

SAML Identity Provider Integration

Rokt uses Auth0 for user authentication. You can connect your enterprise Identity Provider (IdP) to Rokt — acting as the Service Provider (SP) — yourself using Rokt's Self-Service SSO setup, without exchanging configuration details over email.

How it worksDirect link to How it works

Self-Service SSO is a guided, Rokt-branded setup wizard that walks you through creating your SAML connection end to end. You enter your IdP details directly in the wizard, copy Rokt's SP details into your IdP, test the connection, and go live — all on your own schedule. Rokt never needs you to email us certificates or configuration.

Contact your Rokt account manager (AM) and ask them to generate a Self-Service SSO setup link for your organization.

Your AM will send you a secure, single-use link. Opening it launches the Rokt Setup wizard for configuring your SAML connection.

info

The setup link is single-use and time-limited. If it expires or you need to start over, ask your account manager to issue a new one.

The setup link provisions SP-Initiated SSO, which is strongly recommended. If you need IdP-Initiated SSO, request it from your account manager when you ask for your link — Rokt must provision your connection to support IdP-Initiated sign-in, so it is not enabled by the standard self-service link.

info

Before requesting IdP-Initiated, please review the risks.

2. Complete the Rokt Setup wizardDirect link to 2. Complete the Rokt Setup wizard

Open the setup link from your account manager and follow the wizard:

  1. Select your identity provider and SAML as the protocol.

  2. Configure your IdP with Rokt's SP details. The wizard displays the values you need to register Rokt as an application in your IdP, including:

    • Single Sign-On / Assertion Consumer Service (ACS) URL — where your IdP sends the SAML response.
    • Entity ID / Audience — Rokt's SP identifier (for example, urn:some:aud).
    • Rokt's SP metadata, which you can import directly into your IdP.
  3. Enter your IdP details — your IdP's sign-in URL and signing certificate (in PEM or CER format).

  4. Map user attributes. Include all of the following attributes in your SAML assertions — they are all required. Attribute keys must be lowercase, and custom attributes are not supported.

    • email
    • name (display name)
    • given_name
    • family_name

3. Test and finishDirect link to 3. Test and finish

Use the wizard's test step to verify the connection end to end. Once the test succeeds, complete the wizard to finish setup.

After your connection is live, users with an email from your configured domains will authenticate through your IdP. Users may be prompted to reverify their email the first time they sign in.

Provision users with SCIM (optional)Direct link to Provision users with SCIM (optional)

SCIM lets your IdP automatically provision and deprovision Rokt users. It runs on top of your SAML connection, so complete the SAML setup above first. Once your connection is live, ask your account manager to enable SCIM.

Attribute mappingDirect link to Attribute mapping

Rokt's SCIM server needs each user's identifier and active status. By default it expects the following fields in the SCIM request from your IdP:

Expected fieldDescription
userNamePrimary identifier for the user via SAML (email)
activeWhether the user should be active (true / false)

If your data uses different field names or formats, you can either:

  • Update your IdP to map your data to the fields above, or
  • Provide Rokt with a custom mapping from your fields to the expected field names.

Enable and testDirect link to Enable and test

Tell your account manager you want to enable SCIM and discuss any mapping needs. Rokt will provide:

  • SCIM Base URL
  • API Key

After testing succeeds, you can provision and manage your active Rokt users via SCIM using the provided URL and API key.

tip

Need a non-SAML provider (such as Active Directory or Google Workspace) or help while running the wizard? Let your account manager know.

Was this article helpful?