Integrate OneLogin SSO

Let your team sign into Tallyfy with their OneLogin credentials using SAML-based Single Sign-On (SSO). The setup takes about 30 minutes.

• OneLogin administrator account
• Tallyfy Pro or Enterprise plan
• SAML configuration values from Tallyfy Support

1. Create a OneLogin SAML application connector
2. Configure SAML settings in both systems
3. Enable and test SSO

This diagram shows the OneLogin-Tallyfy SAML setup and authentication flow.

• You’ll exchange metadata between OneLogin and Tallyfy Support
• After setup, users access Tallyfy through a special SSO URL
• New users are automatically provisioned on first login

1. Sign in to your OneLogin portal

2. Open the Administration menu

3. Go to Applications > Applications

4. Click Add App

   

1. Search for “SAML Custom Connector” (or “SAML Test Connector” in older OneLogin versions)

2. Select SAML Custom Connector (Advanced)

3. Set the Display Name to “Tallyfy”

4. Click Save

   

You’ll need Tallyfy’s SAML values to configure OneLogin:

1. Contact Tallyfy Support to access your organization’s profile

2. Go to the Org Settings tab

3. Click Add Configuration Details

4. Find the default SAML values section

   

1. Go to the Configuration tab in your OneLogin application connector

2. Enter the Tallyfy SP ACS URL into the ACS (Consumer) URL field

3. Enter the same URL into the Recipient field

4. Enter the Tallyfy SP Entity ID into the Audience (EntityID) field

5. Enter the ACS URL again into the ACS (Consumer) URL Validator field

6. Click Save

   

1. Go to the Parameters tab in your OneLogin application
2. Add the three parameters below

Add these three parameters and check Include in SAML assertion for each:

To add each parameter:

1. Click the + button in the top-right corner of the parameters table

2. Enter the parameter name (e.g., “Email”) and map it to the matching user attribute

3. Check Include in SAML assertion

4. Click Save

   

1. Go to the Access tab in your OneLogin application

2. Select the appropriate roles or users

3. In this example, we’re using the Default role

4. Click Save

   

1. Go to the SSO tab in your OneLogin application

   

2. Note the SAML 2.0 Endpoint (HTTP)

3. Note the Issuer URL

4. Note or download the X.509 Certificate

1. Send the SAML 2.0 Endpoint (HTTP) to Tallyfy Support

2. Send the Issuer URL to Tallyfy Support

3. Send the X.509 Certificate to Tallyfy Support

4. Tallyfy Support will configure these in your organization’s SAML settings

   

Once Tallyfy Support confirms your SAML settings are configured, flip the switch:

1. Toggle the SAML activation switch to enable SSO

   

After completing the setup:

1. Get the Tallyfy login URL from the SAML configuration modal (Tallyfy Support provides this)

2. Share this URL with team members who have access to the OneLogin application

   

When users access Tallyfy through this URL:

• Existing Tallyfy users sign in automatically
• New users get provisioned in Tallyfy on their first login. That’s it.

Running into auth issues? Check these common culprits:

• The user hasn’t been assigned to the OneLogin application
• Parameter mappings don’t match exact names - even a tiny typo breaks things
• The Include in SAML assertion flag isn’t checked
• Users are going to the regular Tallyfy login page instead of the SSO URL
• Still stuck? Contact Tallyfy Support