IDENTITY & ACCESS MANAGEMENT
RIPPLING
Creating, inviting, and deleting users
There are two ways in which Rippling can decide that
an account should be created or removed:
• When an access rule changes (for instance, when an
app administrator adds an account as an exception)
• When an employee attribute changes (for instance,
when their start date occurs)
When either of these occurs, Rippling checks the
employee’s attributes against the configured access
rules both before and after the change, and if the
result is different, Rippling uses the API to create or
remove the employee’s account in the cloud service.
In most cases, Rippling does this by making a
POST call to an endpoint in the service’s API. The
details depend on the particular API, but the POST
body payload generally contains the employee’s
name, email address, and any other employee
attributes that the service supports. Rippling checks
the response of the POST call and correlates it with
the results of fetching the user list from the service
to be sure the account status changed successfully.
This “closed loop” process ensures that the
account status you see in Rippling is an accurate
representation. And if there’s ever a problem
detected with creating an employee account (e.g.,
the service requires purchasing additional licenses to
provision the account), Rippling will notify the app
administrator via email and with a notification on their
Rippling dashboard.
Some services don’t expose an API endpoint to
create accounts directly but do have an API endpoint
that sends invitations to the employee’s email
address which must be accepted before their account
is created. For apps that use this invitation model,
Rippling sends the invitation and then polls at least
every 30 minutes to see when the user has accepted
the invitation, and this status is displayed in the app
dashboard in Rippling.
Work email address
When onboarding a new hire in Rippling, the hiring
manager is prompted for whether the new hire should
get a work email address or not. If the hiring manager
says yes, Rippling will collect the work email address
of the new hire and use it to send the invitation for their
accounts. Otherwise, their accounts will be created
under the employee’s personal email address.
GitHub usernames
Some services like GitHub require a new user’s
username rather than their email address to create an
account. If a new hire is configured to get access to
one of these services, Rippling will prompt the new
hire for their username during onboarding, then send
the invitation using that username. Administrators
may also enter GitHub usernames on the employee’s
profile page in Rippling.
Software licenses
Many cloud services support different license types
for user accounts, and it’s important to create
accounts with the right license types based on the role
of the corresponding employee. Rippling lets you
manage how licenses are assigned using smart group
rules. For instance, in the video conferencing service
Zoom, employee accounts can have either Pro,
Business, or Basic licenses, which can be managed in
Rippling as groups.
This means you can give some employees (like full-
time sales reps) Zoom Business accounts and others
(like contractors) Zoom Basic accounts.