Skip to content
  • There are no suggestions because the search field is empty.

ENROLLNOW SSO SETUP AND API ACCESS

When SSO Is Needed:

SSO is typically required or strongly recommended in the following situations when using EnrollNow (or any research platform handling patient data):

  1. Institutional or HIPAA-compliant environments

    • Universities, hospitals, or research centers that manage Protected Health Information (PHI) often require SSO to meet HIPAA, 21 CFR Part 11, or institutional IT policies.

  2. Large teams with multiple user roles

    • SSO simplifies identity and access management by allowing users to log in using their institutional credentials (e.g., their university or hospital login).

  3. Compliance with internal security frameworks

    • Organizations with IT departments that enforce centralized identity and security policies often require SSO integration to maintain auditability, access control, and password standards.

  4. Sites requiring automatic account provisioning or deactivation

SSO can integrate with an organization's identity provider (e.g., Okta, Microsoft Azure AD) to automatically manage user access as staff join or leave.

Enabling Single Sign-On (SSO) in EnrollNow

EnrollNow supports integration with Single Sign-On (SSO) using the SAML 2.0 protocol, allowing your organization to authenticate users through your existing Identity Provider (IdP). This enhances security, simplifies login management, and improves the user experience by enabling access to EnrollNow through a centralized login.

By default, EnrollNow users log in using a unique email and password coEmbination specific to their EnrollNow site. However, SSO can be enabled for teams that prefer to authenticate users through their own IdP.

EnrollNow supports a minimum of TLS version 1.2 and is compatible with TLS 1.3 for secure communication.

SSO Configuration Requirements

To enable SSO on your EnrollNow site, our team will collaborate with your technical team to exchange the necessary credentials. The following information is required:

  • Configuration from Identity Provider (IdP)
    • Identity Provider (IdP) Certificate(s) and public key(s)
    • SSO Login and Logout Endpoints from your IdP
  • Configuration from EnrollNow (Service Provider or SP)
    • Metadata URL(s) (https://labname.ripplescience.com/saml/metadata.xml)
    • Assertion Consumer Service (ACS) URL (https://labname.ripplescience.com/saml/assert)
Once this information is shared, EnrollNow will complete the configuration and testing to enable SSO for your users.

API Access for SSO-Enabled Sites

For teams using SSO, API access requires a secondary, dedicated user account. This is because API authentication is managed separately from SSO logins.

Steps to Enable API Access:

  • Create a Secondary API User Account
     Format the email as: example_name+apitoken@youremail.com
  • User Generates a Password for the API Account
     This password will be inserted into the account by EnrollNow Support or your Site Admin.
  • Generate an Authorization Token
     Use the following command to create a base64-encoded token:
  • echo -n 'example_name+apitoken@youremail.com:<password>' | base64
  • Make API Requests Using curl
     Once you have the token, use it in your API request. For example:

curl--header'Authorization:Basic<your auth token>''https://<your-enrollnow-site>/v1/export'      --data-raw 'export-type=global&export-timezone=America%2FChicago&globalId=on'> ~/RippleScience/example.csv

NOTE: SSO is a one-time configuration and subject to a setup fee. Your CSM will provide a customized quote based on your institution's needs.