
Connect Rippling to Abnormal Security to anchor AI-powered email threat detection to your authoritative employee identity data.
We configure Rippling as the identity data source feeding Abnormal Security's employee behavioral model, ensuring new hires are enrolled in threat detection from day one and departed employees are removed promptly.

Abnormal Security is used by US mid-market and enterprise companies wanting AI-powered email security that detects and blocks socially engineered attacks beyond what traditional email filters catch.
Canadian and cross-border operations: For companies with Canadian entities, thePeopleStack confirms Abnormal Security's identity data feed includes Canadian employees and that any data handling configurations reflect PIPEDA requirements.
Rippling provides the authoritative employee identity data that Abnormal Security uses to establish behavioral baselines and detect anomalous email behavior for each employee.
Yes — new hire events in Rippling can signal Abnormal Security to establish a behavioral baseline for the new employee from day one.
Yes — termination events in Rippling signal Abnormal Security to update the identity model, removing the departed employee's behavioral baseline and flagging any continued activity from their credentials as anomalous.
A standard integration typically takes 2–4 hours.
For companies with Canadian entities, we confirm Abnormal's identity data configurations include Canadian employees and reflect any PIPEDA data handling requirements.