Authentication and SSO

Single Sign-On integration

Tallyfy provides free Single Sign-On (SSO) integration for all customers on paid plans. Connect to your existing corporate identity systems in about 30 minutes.

Your team members use their company credentials from Microsoft Entra ID (formerly Azure AD), Google Workspace, Okta, OneLogin, JumpCloud, or other enterprise identity providers to access Tallyfy.

Paid plans include optional SSO-only enforcement settings that require everyone to authenticate exclusively through your designated identity provider.

SSO benefits

Strategic Benefit	Description
Security	Use your organization’s existing security policies and multi-factor authentication for Tallyfy access
User Experience	Users log in with their corporate username and password
Access Control	Manage all Tallyfy access permissions from your identity management system
Account Provisioning	New users automatically get Tallyfy accounts on first SSO login
Security Policies	Enforce the same authentication rules (password complexity, session timeouts) across all systems
IT Support	Eliminate password reset tickets and simplify user account management

SSO as replacement for e-signatures

SSO authentication creates legally defensible audit trails that can replace traditional e-signature solutions for internal company approvals.

Traditional e-signature challenges:

• Additional cost per signature/user
• Separate system to manage and train
• Workflow interruption (leave Tallyfy, sign document, return)
• Limited integration with process tracking

SSO-based approval advantages:

• No additional cost: Included with all paid Tallyfy plans
• Identity verification: Corporate SSO confirms the approver’s identity through company authentication
• Audit trail: Every approval logged with timestamp, user identity, and IP address
• Workflow integration: Approvers complete their task without switching tools
• Legal compliance: SSO authentication meets requirements for internal corporate approvals in most jurisdictions

Common use cases for SSO-based approvals:

• Purchase order approvals
• Internal policy acknowledgments
• Budget authorizations
• Project sign-offs
• Compliance confirmations
• HR document approvals

Best practice for approval workflows

Create a dedicated “Approval” task type in your templates with:

1. Approval criteria in the task description
2. Required Yes/No form field for the approval decision
3. Required text field for approval comments/conditions
4. Automatic email notification upon completion

This creates a timestamped, authenticated approval record without external e-signature tools.

When you still need traditional e-signatures

For external party signatures (customers, vendors) or specific regulatory requirements (some healthcare/financial documents), you may still need dedicated e-signature tools. Tallyfy integrates with DocuSign and similar platforms for these scenarios.

Enforcing SSO-only access

Organizations can require all users to authenticate through corporate SSO. Tallyfy can lock down access so SSO becomes the only authentication method.

SSO-only mode effects

• Standard authentication disabled: Email and password logins disabled organization-wide
• Identity provider provisioning: All users must come through your corporate identity provider

For technical details and security implications, see Compliance documentation on Mandatory Single Sign-On.

To enable “SSO only” mode, contact Tallyfy support.

SSO authentication flow

SSO login process:

1. Organizational portal: Users access a customized Tallyfy login link for your organization
2. Identity provider redirect: Tallyfy redirects to your company’s login portal (Microsoft Entra ID, Google Workspace, etc.)
3. Corporate authentication: Users enter work credentials and complete multi-factor authentication
4. Return to Tallyfy: After authentication, users are automatically logged into Tallyfy
5. Account provisioning: First-time users get accounts created automatically using identity provider data

Supported identity providers

Tallyfy supports these enterprise identity management systems:

Microsoft Entra ID (formerly Azure Active Directory)

Microsoft’s enterprise cloud identity and access management platform. Includes conditional access and multi-factor authentication.

Azure AD Setup Guide →

Google Workspace (formerly G Suite)

Google’s identity and productivity platform for businesses using Gmail, Drive, and other Google tools.

Google Workspace Setup Guide →

Okta

Cloud-based identity service specializing in enterprise SSO.

Okta Setup Guide →

OneLogin

Identity and access management platform with SSO capabilities.

OneLogin Setup Guide →

JumpCloud

Cloud directory platform providing unified device and identity management with SAML-based SSO.

JumpCloud Setup Guide →

Other SAML 2.0 Compatible Systems

Any identity provider supporting SAML 2.0 can be configured. Contact support to verify compatibility.

Requirements for SSO setup

• Administrative access: Admin rights in both Tallyfy and your identity provider
• Configuration exchange: URLs, security certificates, and metadata exchange between systems
• Attribute mapping: Configuration for user info (email, name, role) flow from identity provider to Tallyfy
• Testing: Test with different user types before company-wide rollout

Advanced SSO Integration with AI Tools

For organizations implementing AI workflows with Model Context Protocol (MCP) servers, advanced SSO patterns enable seamless authentication across AI applications. Learn about enterprise SSO integration with MCP servers for unified identity management across AI-powered workflow tools.

Getting started with SSO

1. Select provider: Choose the setup guide for your identity system (Microsoft Entra ID, Google, Okta, or OneLogin)
2. Contact support: Reach out to Tallyfy support or your account manager
3. Configure identity provider: IT team handles technical configuration
4. Test authentication: Test with users from different departments and roles
5. Deploy: Notify your team about the new login process

Troubleshooting authentication issues

Authentication loops during login

Users sometimes experience authentication loops where credentials are requested repeatedly or they can’t progress past the login screen. This commonly occurs when browser sessions become corrupted or when switching between SSO and regular authentication methods.

Immediate solution: Force a complete logout by visiting https://account.tallyfy.com/logout ↗. This URL completely clears all authentication sessions and resolves most login issues. After using this logout URL, clear your browser’s cookies for tallyfy.com, wait 10-15 seconds, and try logging in again.

For detailed troubleshooting steps, see the complete authentication loop resolution guide.

Common SSO issues and solutions

Issue	Solution
Login loops with SSO	Use https://account.tallyfy.com/logout ↗ to clear sessions, then re-authenticate
Can’t switch between organizations	Force logout and clear browser cookies for all tallyfy.com domains
SSO and password login conflict	Clear all sessions using the logout URL before switching authentication methods
”Need admin approval” message	IT administrator must approve Tallyfy in your identity provider settings

• Integrate Google Workspace
• Integrate JumpCloud SSO
• Integrate Microsoft Entra ID SSO
• Integrate Okta SSO
• Integrate OneLogin SSO

Related articles

Authentication > Integrate Microsoft Entra ID SSO

Microsoft Entra ID SSO integration with Tallyfy provides seamless single sign-on authentication and automatic user provisioning through a collaborative 30-minute setup process that involves creating an enterprise application configuring SAML settings and coordinating with Tallyfy Support to exchange configuration details.

Authentication > Integrate OneLogin SSO

OneLogin SAML/SSO integration with Tallyfy enables automatic user authentication through OneLogin credentials via a collaborative setup process that involves creating a SAML application connector configuring authentication settings and working with Tallyfy Support to exchange configuration details for seamless single sign-on with automatic user provisioning.

Authentication > Integrate JumpCloud SSO

JumpCloud SAML/SSO integration with Tallyfy enables automatic user authentication and account creation through a collaborative 30-minute setup process that involves creating a custom SAML application in JumpCloud configuring service provider settings and attribute mappings then exchanging metadata with Tallyfy Support to enable seamless single sign-on with just-in-time user provisioning.

Mcp Server > Using SSO with MCP servers

SSO integration with Model Context Protocol servers creates unified authentication across enterprise AI tools by allowing users to authenticate once with corporate credentials and automatically access multiple integrated services without repeated login prompts.