Authentication and SSO

Single Sign-On (SSO) integration

Tallyfy offers free Single Sign-On (SSO) integration for customers on paid plans. SSO lets your team members log into Tallyfy using the same username and password they already use for other company systems (like their Microsoft, Google, Okta, or OneLogin accounts).

This means they don’t need a separate Tallyfy password, making login easier and more secure. For enhanced security, organizations on paid plans can also request a setting to enforce that all members sign in exclusively via SSO.

Key benefits of using SSO

Benefit	Description
Better Security	Use your company’s existing security rules for Tallyfy logins.
Easier User Access	Log in with familiar company usernames and passwords.
Central Management	Manage who can access Tallyfy from your main identity system.
Automatic Account Setup	New users can automatically get a Tallyfy account the first time they log in via SSO.
Consistent Rules	Enforce the same login rules (like password complexity) everywhere.
Fewer Support Tickets	No more “forgot Tallyfy password” requests for your IT team.

Secure Internal Approvals with SSO

Using SSO provides a strong way to track internal approvals. When someone approves a task in Tallyfy after logging in via SSO, Tallyfy’s audit trail records exactly who approved it and when, linked to their verified company identity. This can often replace the need for separate e-signature tools for internal approvals.

Enforcing SSO-only access for enhanced security

For organizations requiring the highest level of authentication control, Tallyfy can be configured to enforce “SSO only” access. This means that all members, without exception, must log in through your designated Single Sign-On provider.

When this mode is active:

• Standard email and password logins are disabled organization-wide.
• The ability to invite new members via email is deactivated; users must be provisioned through your identity provider.

This ensures strict adherence to your corporate authentication policies. For a detailed explanation of this feature and its security implications, please see our Compliance documentation on Mandatory Single Sign-On.

To enable “SSO only” mode for your organization, please contact Tallyfy support.

How SSO login works with Tallyfy

Once SSO is set up:

1. Users go to a special Tallyfy login link for your company.
2. Tallyfy sends them to your company’s login page (e.g., Microsoft or Google login).
3. They log in using their normal company password.
4. They are automatically redirected back to Tallyfy, already logged in.
5. If it’s their first time, Tallyfy might automatically create an account for them.

Supported login systems (Identity Providers)

Tallyfy integrates easily with common systems:

Microsoft Azure Active Directory (Azure AD)

• Microsoft’s main cloud login system.
• Supports advanced security features.

Azure AD Setup Guide →

Google Workspace (formerly G Suite)

• Google’s login system for businesses.
• Works smoothly with other Google apps.

Google Workspace Setup Guide →

Okta

• A popular service focused on managing logins for many apps.

Okta Setup Guide →

OneLogin

• Another service for managing access to different applications.

OneLogin Setup Guide →

Other SAML 2.0 Systems

Tallyfy can connect with almost any other login system that uses the standard SAML 2.0 protocol. Contact Tallyfy support if you use a different system.

What’s needed to set up SSO?

Setting up SSO requires technical steps in both Tallyfy and your company’s login system:

• You need someone with Admin access to both systems.
• Technical details (like URLs and security certificates) need to be copied between the systems.
• You need to configure how user information (like email and name) is sent to Tallyfy.
• You should test it thoroughly before making everyone use it.

Getting started with SSO

1. Choose the setup guide below that matches your company’s login system.
2. Contact Tallyfy support or your account manager to let them know you want to set up SSO.
3. Follow the steps in the guide carefully, working with your IT team.
4. Test the login process with a few users.
5. Announce the new login method to your organization.

• Integrate Azure AD
• Integrate Google Suite
• Integrate Okta
• Integrate OneLogin

Related articles

Authentication > Integrate OneLogin

A comprehensive walkthrough for setting up SAML Single Sign-On between OneLogin and Tallyfy by creating an application connector configuring SAML settings enabling user provisioning and testing the authentication flow.

Authentication > Integrate Azure AD

The comprehensive guide outlines the complete process for setting up SAML-based Single Sign-On between Microsoft Azure Active Directory and Tallyfy including application configuration attribute mapping and user provisioning steps for seamless authentication.

Authentication > Integrate Okta

A comprehensive walkthrough for implementing SAML-based Single Sign-On between Okta and Tallyfy through application configuration user attribute mapping and SSO activation for automated user authentication and provisioning.

Authentication > Integrate Google Suite

The comprehensive guide outlines the process of implementing SAML-based Single Sign-On between Google Workspace and Tallyfy through application setup attribute mapping and user access configuration for automated authentication.