Authentication and SSO

Single Sign-On integration

Tallyfy provides free Single Sign-On (SSO) integration for all customers on paid plans. Connect to your existing corporate identity systems in about 30 minutes.

Your team members use their company credentials from Microsoft Azure AD, Google Workspace, Okta, OneLogin, or other enterprise identity providers to access Tallyfy.

Paid plans include optional SSO-only enforcement settings that require everyone to authenticate exclusively through your designated identity provider.

SSO benefits

Strategic Benefit	Description
Security	Use your organization’s existing security policies and multi-factor authentication for Tallyfy access
User Experience	Users log in with their corporate username and password
Access Control	Manage all Tallyfy access permissions from your identity management system
Account Provisioning	New users automatically get Tallyfy accounts on first SSO login
Security Policies	Enforce the same authentication rules (password complexity, session timeouts) across all systems
IT Support	Eliminate password reset tickets and simplify user account management

SSO as replacement for e-signatures

SSO authentication creates legally defensible audit trails that can replace traditional e-signature solutions for internal company approvals.

Traditional e-signature challenges:

• Additional cost per signature/user
• Separate system to manage and train
• Workflow interruption (leave Tallyfy, sign document, return)
• Limited integration with process tracking

SSO-based approval advantages:

• No additional cost: Included with all paid Tallyfy plans
• Identity verification: Corporate SSO confirms the approver’s identity through company authentication
• Audit trail: Every approval logged with timestamp, user identity, and IP address
• Workflow integration: Approvers complete their task without switching tools
• Legal compliance: SSO authentication meets requirements for internal corporate approvals in most jurisdictions

Common use cases for SSO-based approvals:

• Purchase order approvals
• Internal policy acknowledgments
• Budget authorizations
• Project sign-offs
• Compliance confirmations
• HR document approvals

Best practice for approval workflows

Create a dedicated “Approval” task type in your templates with:

1. Approval criteria in the task description
2. Required Yes/No form field for the approval decision
3. Required text field for approval comments/conditions
4. Automatic email notification upon completion

This creates a timestamped, authenticated approval record without external e-signature tools.

When you still need traditional e-signatures

For external party signatures (customers, vendors) or specific regulatory requirements (some healthcare/financial documents), you may still need dedicated e-signature tools. Tallyfy integrates with DocuSign and similar platforms for these scenarios.

Enforcing SSO-only access

Organizations can require all users to authenticate through corporate SSO. Tallyfy can lock down access so SSO becomes the only authentication method.

SSO-only mode effects

• Standard authentication disabled: Email and password logins disabled organization-wide
• Identity provider provisioning: All users must come through your corporate identity provider

For technical details and security implications, see Compliance documentation on Mandatory Single Sign-On.

To enable “SSO only” mode, contact Tallyfy support.

SSO authentication flow

SSO login process:

1. Organizational portal: Users access a customized Tallyfy login link for your organization
2. Identity provider redirect: Tallyfy redirects to your company’s login portal (Azure AD, Google Workspace, etc.)
3. Corporate authentication: Users enter work credentials and complete multi-factor authentication
4. Return to Tallyfy: After authentication, users are automatically logged into Tallyfy
5. Account provisioning: First-time users get accounts created automatically using identity provider data

Supported identity providers

Tallyfy supports these enterprise identity management systems:

Microsoft Azure Active Directory (Azure AD)

Microsoft’s enterprise cloud identity and access management platform. Includes conditional access and multi-factor authentication.

Azure AD Setup Guide →

Google Workspace (formerly G Suite)

Google’s identity and productivity platform for businesses using Gmail, Drive, and other Google tools.

Google Workspace Setup Guide →

Okta

Cloud-based identity service specializing in enterprise SSO.

Okta Setup Guide →

OneLogin

Identity and access management platform with SSO capabilities.

OneLogin Setup Guide →

Other SAML 2.0 Compatible Systems

Any identity provider supporting SAML 2.0 can be configured. Contact support to verify compatibility.

Requirements for SSO setup

• Administrative access: Admin rights in both Tallyfy and your identity provider
• Configuration exchange: URLs, security certificates, and metadata exchange between systems
• Attribute mapping: Configuration for user info (email, name, role) flow from identity provider to Tallyfy
• Testing: Test with different user types before company-wide rollout

Advanced SSO Integration with AI Tools

For organizations implementing AI workflows with Model Context Protocol (MCP) servers, advanced SSO patterns enable seamless authentication across AI applications. Learn about enterprise SSO integration with MCP servers for unified identity management across AI-powered workflow tools.

Getting started with SSO

1. Select provider: Choose the setup guide for your identity system (Azure AD, Google, Okta, or OneLogin)
2. Contact support: Reach out to Tallyfy support or your account manager
3. Configure identity provider: IT team handles technical configuration
4. Test authentication: Test with users from different departments and roles
5. Deploy: Notify your team about the new login process

• Integrate Azure AD SSO
• Integrate Google Workspace
• Integrate Okta SSO
• Integrate OneLogin SSO

Related articles

Authentication > Integrate Azure AD SSO

Microsoft Azure Active Directory integrates with Tallyfy through SAML-based single sign-on requiring coordination with Tallyfy Support to create an enterprise application configure authentication settings and exchange metadata for automatic user provisioning and seamless authentication within 30 minutes.

Authentication > Integrate OneLogin SSO

Setting up OneLogin SAML/SSO integration with Tallyfy requires creating a SAML connector configuring authentication settings and coordinating with Tallyfy Support to exchange configuration metadata for automatic user authentication and provisioning.

Authentication > Integrate Okta SSO

Okta SAML/SSO integration with Tallyfy establishes single sign-on authentication through a collaborative setup process involving creating an Okta SAML application configuring identity provider settings and working with Tallyfy Support to exchange configuration details for seamless user authentication and automatic account provisioning.

Authentication > Integrate Google Workspace

Google Workspace SAML/SSO integration with Tallyfy enables automatic user authentication through Google credentials via a three-phase setup process requiring coordination with Tallyfy Support to create a custom SAML application configure attribute mappings and enable seamless single sign-on with automatic user provisioning.