Authentication and SSO

How does Tallyfy Single Sign-On integration work?

Tallyfy provides complimentary Single Sign-On (SSO) integration for all customers on paid plans, enabling seamless authentication through existing corporate identity systems and enterprise security frameworks.

SSO integration allows team members to access Tallyfy using familiar company credentials from Microsoft Azure AD, Google Workspace, Okta, OneLogin, or other enterprise identity providers. This eliminates separate password management burdens while significantly enhancing security through centralized authentication and access control.

For organizations requiring maximum security compliance, paid plans include optional SSO-only enforcement settings that mandate exclusive authentication through designated identity providers, ensuring complete adherence to corporate security policies.

What are the strategic benefits of Tallyfy SSO integration?

Strategic Benefit	Description
Enhanced Security	Leverage your organization’s existing advanced security policies and multi-factor authentication for Tallyfy access
Streamlined User Experience	Enable seamless login using familiar corporate usernames and passwords without additional credential management
Centralized Access Control	Manage comprehensive Tallyfy access permissions directly from your primary identity management system
Automated Account Provisioning	New users automatically receive Tallyfy accounts upon first SSO login, eliminating manual setup processes
Consistent Security Policies	Enforce uniform authentication rules including password complexity and session management across all systems
Reduced IT Support Burden	Eliminate “forgot Tallyfy password” support requests and streamline user account management

Secure Internal Approvals with SSO

Using SSO provides a strong way to track internal approvals. When someone approves a task in Tallyfy after logging in via SSO, Tallyfy’s audit trail records exactly who approved it and when, linked to their verified company identity. This can often replace the need for separate e-signature tools for internal approvals.

How can I enforce SSO-only access for maximum security?

For organizations requiring the highest level of authentication control and security compliance, Tallyfy can be configured to enforce mandatory “SSO only” access. This configuration ensures that all organizational members, without exception, must authenticate exclusively through your designated Single Sign-On provider.

What happens when SSO-only mode is activated?

• Disabled Standard Authentication: Traditional email and password logins are completely disabled organization-wide.
• Identity Provider Provisioning: The ability to invite new members via email is deactivated; all users must be provisioned through your corporate identity provider.

This comprehensive enforcement ensures strict adherence to corporate authentication policies and regulatory compliance requirements. For detailed technical specifications and security implications, reference our Compliance documentation on Mandatory Single Sign-On.

To enable “SSO only” mode for your organization, please contact Tallyfy support.

How does the SSO authentication flow work with Tallyfy?

Once SSO integration is properly configured:

1. Organizational Login Portal: Users access a customized Tallyfy login link specific to your organization.
2. Identity Provider Redirect: Tallyfy automatically redirects users to your company’s designated login portal (such as Microsoft Azure AD or Google Workspace).
3. Corporate Authentication: Users authenticate using their standard corporate credentials and any required multi-factor authentication.
4. Seamless Return: Users are automatically redirected back to Tallyfy with authenticated access established.
5. Automatic Account Provisioning: First-time users receive automatically provisioned Tallyfy accounts based on identity provider attributes.

What identity providers does Tallyfy support?

Tallyfy integrates seamlessly with leading enterprise identity management systems:

Microsoft Azure Active Directory (Azure AD)

• Microsoft’s comprehensive enterprise cloud identity and access management platform.
• Supports advanced security features including conditional access and multi-factor authentication.

Azure AD Setup Guide →

Google Workspace (formerly G Suite)

• Google’s enterprise identity and productivity platform for organizations.
• Provides seamless integration with Google’s business application ecosystem.

Google Workspace Setup Guide →

Okta

• Leading cloud-based identity and access management service specializing in enterprise SSO and application integration.

Okta Setup Guide →

OneLogin

• Comprehensive identity and access management platform providing secure SSO and application access control.

OneLogin Setup Guide →

Other SAML 2.0 Compatible Systems

Tallyfy supports integration with virtually any enterprise identity system implementing the industry-standard SAML 2.0 protocol. Contact Tallyfy support for compatibility verification with your specific identity provider.

What are the requirements for SSO setup?

Establishing SSO integration requires coordinated technical configuration across both Tallyfy and your organization’s identity management system:

• Administrative Access: Personnel with administrative privileges in both Tallyfy and your identity provider are required.
• Technical Configuration Exchange: Critical technical details including URLs, security certificates, and metadata must be accurately configured between systems.
• User Attribute Mapping: Proper configuration of user information transmission (including email, name, and role attributes) from your identity provider to Tallyfy.
• Comprehensive Testing: Thorough testing across various user scenarios before organization-wide deployment.

How can I get started with SSO implementation?

1. Identity Provider Selection: Choose the appropriate setup guide corresponding to your organization’s identity management system.
2. Tallyfy Support Engagement: Contact Tallyfy support or your dedicated account manager to initiate SSO configuration planning.
3. Collaborative Implementation: Execute the configuration steps methodically in coordination with your IT team and identity management administrators.
4. User Acceptance Testing: Conduct thorough testing of the authentication flow with representative users across different roles.
5. Organization-wide Deployment: Communicate the new authentication method to your organization and provide transition guidance.

• Integrate Azure AD
• Integrate Google Suite
• Integrate Okta
• Integrate OneLogin

Related articles

Authentication > Integrate Azure AD

The comprehensive guide outlines the complete process for setting up SAML-based Single Sign-On between Microsoft Azure Active Directory and Tallyfy including application configuration attribute mapping and user provisioning steps for seamless authentication.

Authentication > Integrate OneLogin

A comprehensive walkthrough for setting up SAML Single Sign-On between OneLogin and Tallyfy by creating an application connector configuring SAML settings enabling user provisioning and testing the authentication flow.

Authentication > Integrate Google Suite

The comprehensive guide outlines the process of implementing SAML-based Single Sign-On between Google Workspace and Tallyfy through application setup attribute mapping and user access configuration for automated authentication.

Authentication > Integrate Okta

A comprehensive walkthrough for implementing SAML-based Single Sign-On between Okta and Tallyfy through application configuration user attribute mapping and SSO activation for automated user authentication and provisioning.