Authentication > Integrate Microsoft Entra ID SSO
Connect Microsoft Entra ID to Tallyfy for SSO by creating an enterprise app in Azure Portal and configuring SAML attribute mappings.
Authentication and SSO
Tallyfy includes free Single Sign-On (SSO) for all paid plans. Your team logs in with existing corporate credentials from Microsoft Entra ID, Google Workspace, Okta, OneLogin, JumpCloud, or any SAML 2.0 provider. Setup takes about 30 minutes.
You can also enforce SSO-only access - blocking email/password logins entirely.
| Benefit | What it means |
|---|---|
| Security | Apply your org’s existing security policies and MFA to Tallyfy |
| One login | Team members use their corporate username and password |
| Access control | Manage Tallyfy permissions from your identity provider |
| Auto-provisioning | New users get Tallyfy accounts on first SSO login |
| Consistent policies | Same password complexity and session rules across all systems |
| Less IT overhead | No more Tallyfy-specific password resets |
SSO authentication creates audit trails that can replace e-signature tools for internal approvals.
Why skip traditional e-signatures for internal use?
- Extra cost per signature/user
- Separate system to manage
- Workflow interruption - users leave Tallyfy, sign elsewhere, then return
SSO-based approvals give you:
- No extra cost - included with paid Tallyfy plans
- Identity verification - corporate SSO confirms the approver’s identity
- Audit trail - every approval logged with timestamp and user identity
- No context switching - approvers complete tasks without leaving Tallyfy
- Legal compliance - meets requirements for internal corporate approvals in most jurisdictions
Common use cases: purchase orders, policy acknowledgments, budget authorizations, project sign-offs, compliance confirmations, HR approvals.
Tallyfy can lock down your org so SSO is the only login method. When sso_auth_only is enabled:
- Email and password logins are disabled org-wide
- Manual member invites are blocked - all users must come through your identity provider
- Non-SSO login attempts redirect to your SAML login page
For security details, see Compliance documentation on Mandatory Single Sign-On.
To enable SSO-only mode, contact Tallyfy support.
Here’s what happens when someone logs in via SSO:
- User visits your org’s Tallyfy login link
- Tallyfy redirects to your identity provider (Entra ID, Google, etc.)
- User authenticates with corporate credentials and MFA
- Identity provider sends a SAML assertion back to Tallyfy
- First-time users get accounts created automatically from identity provider data (email, first name, last name)
Cloud identity and access management with conditional access and MFA.
Identity platform for businesses using Gmail, Drive, and other Google tools.
Google Workspace Setup Guide →
Cloud-based identity service for enterprise SSO.
Identity and access management with SSO capabilities.
Cloud directory platform with SAML-based SSO.
Any SAML 2.0-compatible identity provider works. Contact support to verify compatibility.
- Admin access in both Tallyfy and your identity provider
- Metadata exchange - URLs, certificates, and entity IDs between systems
- Attribute mapping - email, first name, and last name fields from your identity provider to Tallyfy
- Testing - verify with different user types before rolling out org-wide
- Pick the setup guide for your identity provider above
- Contact Tallyfy support or your account manager
- Your IT team configures the identity provider side
- Test with users from different departments and roles
- Tell your team about the new login process
If you’re stuck in a login loop or can’t get past the login screen, visit https://account.tallyfy.com/logout ↗ to clear all sessions. Then clear your browser cookies for tallyfy.com, wait 10-15 seconds, and log in again.
For more details, see the authentication loop resolution guide.
| Issue | Solution |
|---|---|
| Login loops with SSO | Visit https://account.tallyfy.com/logout ↗, then re-authenticate |
| Can’t switch orgs | Force logout and clear cookies for all tallyfy.com domains |
| SSO and password login conflict | Clear all sessions via the logout URL before switching methods |
| ”Need admin approval” message | Your IT admin must approve Tallyfy in the identity provider settings |
- Integrate Google Workspace
- Integrate JumpCloud SSO
- Integrate Microsoft Entra ID SSO
- Integrate Okta SSO
- Integrate OneLogin SSO
Authentication > Integrate JumpCloud SSO
Set up JumpCloud SAML/SSO with Tallyfy to give your team single sign-on access and automatic account creation in about 30 minutes.
Mcp Server > Using SSO with MCP servers
SSO integration with MCP servers eliminates the need for separate credentials across multiple AI tools by delegating authentication to enterprise identity providers like Azure AD and Okta through OAuth 2.1 flows that handle token exchange and access control automatically while addressing challenges like consent fatigue and shadow OAuth visibility.
Authentication > Integrate OneLogin SSO
Set up OneLogin SAML/SSO with Tallyfy to let your team sign in with OneLogin credentials - covers creating a SAML connector, mapping attributes, and exchanging metadata with Tallyfy Support.
Was this helpful?
About Tallyfy
- 2025 Tallyfy, Inc.
- Privacy Policy
- Terms of Use
- Report Issue
- Trademarks