7 powerful (yet simple) steps to secure your Rippling tenant

Managing user identities, devices, and security for your entire company can be a lot to juggle. And traditional HRIS systems, which contain large amounts of highly sensitive company info and employee data, often make things more complicated by requiring additional tools and point solutions to keep everything secure. Disconnected or poorly integrated tools require extra attention and keep you from the work that matters. 

Here at Rippling, we take security seriously, which is why we built robust IT products to not only ease IT management and manual work but to protect your entire business. 

It’s critical to strike a balance between securing your single source of truth for employee data and encouraging productivity without unnecessary friction. That’s why we’ve baked key features into Rippling to safeguard your business-critical systems. All the tools and controls you need are at your fingertips.

Here are seven powerful and easy ways to secure your Rippling tenant, aka your company’s Rippling account. 

The security essentials built into Rippling

1) Multi-factor authentication (MFA) to block bad actors

Rippling supports multi-factor identification, adding another layer of security to all of your company apps and systems by requiring an additional login credential—beyond just a username and password.

Enforcing MFA for your employees is an extremely effective method for securing your company’s Rippling account. By enabling MFA, you can better protect your company and employee accounts from payroll fraud and identity theft. 

2) Single sign-on (SSO) to lock down third-party logins

Security Assertion Markup Language (SAML) is an open standard that allows identity providers (IdPs), such as Rippling, to pass authentication and authorization information to service providers (SPs), such as Google Workspace, Slack, and Asana.

With SSO, each user needs to log in only once to Rippling, and then Rippling will pass the login information to each application when the user attempts to access the third-party application. This replaces the need for employees to remember multiple usernames and passwords for each app they use, which often leads to weak password security and increased risk of a cyber attack.

In the case of any third-party apps that can’t support an SSO solution, Rippling’s browser-based password manager saves an employee’s username and password so they’re connected to the employee record and can be included in all automated workflows—like instantly revoking access when an employee is terminated.

3) Employee training to make security top of mind

Rippling Learning Management is the easiest way to train your team, whether it's to get new hires up to speed or fulfill state-mandated compliance training like anti-harassment training. It’s also a great way to educate your employees on cybersecurity threats, best practices, and ways to spot and report threats. You can share companywide security policies and make review and sign-off mandatory. 

Normally, creating a training program from scratch and managing it requires a ton of manual work to enroll new employees in courses, send them reminders to complete their courses, and monitor certification expiration dates. But Rippling puts training programs on autopilot. You only need to set up enrollment rules once. Then, Rippling automatically assigns training courses to the right employees at the right time. You can even make access to critical web apps contingent upon completing assigned courses using Rippling Supergroups. 

4) Custom reports to prepare for audits

Easily build advanced reports that include formulas, charts, and dynamic date ranges so you can show the data and insights that matter most. You can instantly share reports with customizable access for any user or group to download them as spreadsheets. A great use case for this is a SOC 2 audit: You can pull a report that includes users, their devices, their OS (and when it was last updated), encryption details, endpoint security, and more.

To simplify and secure offboarding, you’ll want confirmation that access to company resources has been revoked. With Rippling’s Application Access Count Report, you can report on and view a list of your employees, their statuses (active vs. terminated), and the applications they have access to. 

Advanced features for ultimate protection

5) Authentication policies to customize layers of security

Authentication settings in Rippling allow administrators to configure password and session policies that apply to employees logging into your company's Rippling account. You can apply one of Rippling's recommended authentication policies or set up custom policies according to your company's security needs.

You can apply these custom policies to all or some of your employees, giving you control over how your employees log into Rippling and keeping your employee data secure. You can choose to require MFA (and select the authenticator app of choice), set session timeout duration (hours or days), and adjust password requirements for extra security. 

Don’t be afraid to create multiple authentication policies for specific groups of people! Your software engineers and salespeople shouldn’t have access to the comprehensive, sensitive data HR admins do. We recommend you require a hardware security key for your SuperAdmins with a short session timeout.

6) Behavioral detection rules to flag suspicious activity

Behavioral detection rules (BDR) allow you to lock down Rippling in certain scenarios or even a single application connected to Rippling. Administrators can set up triggers for their employees upon sign-in that detect specific behavior and take a specific action based on that behavior.

BDRs look at behavior such as location, device, IP address, or failed attempts when employees are signing into Rippling or third-party apps through single sign-on. The BDR then applies a specific action, such as allowing or blocking access, setting a session lifetime, or requiring MFA, based on that behavior.

For example, you can create an ‘impossible travel’ rule set to trigger when an employee travels more than 650 miles/hour between two sign-on attempts: the first in Los Angeles and the second in Russia 20 minutes later. Their account will be blocked and require admin support to regain access. 

As another example, you can set up custom attributes to alert you if a new engineer hasn’t completed their security training just yet. Then, create a new rule to only give access to AWS or GitHub after they complete the training. This keeps highly sensitive tools locked down.

7) Endpoint security to mitigate risk and manage cyber threats

Endpoints, or end-user devices like laptops, are frequently exploited as entry points by malicious actors—and it’s only become more common with the transition to remote work and bring-your-own-device (BYOD) policies. That’s why Rippling has partnered with SentinelOne to provide customers with an industry-leading endpoint detection and response platform (EDR) to detect, analyze, block, and quarantine attacks.

When you subscribe to SentinelOne through Rippling, you can automatically deploy SentinelOne to your managed devices. SentinelOne flags threats in real time and surfaces details immediately, along with any threat mitigation efforts.

More secure with Rippling IT

There’s no need to purchase multiple point solutions to secure your HRIS. Rippling makes it easier than other mobile device management (MDM) and identity and access management (IAM) providers to do the basics in one place—enforce encryption, create password policies, keep operating systems up to date, install antivirus software on all computers, instantly remove access during offboarding, maintain compliance, and more. 

Plus, we offer advanced features that let you customize and fine-tune your tenant to meet your complex security needs and protect your business. With Rippling IT, your security goes from zero to 100 in just a few clicks. Sign up for a free trial of Rippling IT to see for yourself.