SAML (SSO)

Single sign on via SAML

info

iOS users must have Tagify iOS app version 2.1.13 or later to work with SSO.

Turn on SAML SSO and allow your team to sign in using your corporate Identity Provider (Okta, Azure AD, etc.). Get started by filling out some fields in the Security section in your company settings and turning on the Enabled SSO checkbox.

Here's a quick overview of what's in each tab in the security settings.

SAML Configuration

Couple options here but here are the big ones:

Enable SSO
- This is where you'll actually turn on the ability to sign in via SSO.
Company sign-in code
- Your users will enter this code when they first sign in. I'd suggest keeping it short and simple.
IdP SSO URL
- The SSO URL provided to you by your Identity Provider.
IdP Certificate
- The certificate provided to you by your Identity Provider.

Enforcement

When you're ready to make sure your users sign in via SSO, you would turn on Enforce SAML SSO. When enforcement is enabled, non-admin users must sign in via SSO. Admin users can always use password login for lockout prevention.

Provisioning

Automatically create Tagify users when someone signs in via SSO for the first time without manually sending an invite. Turn on Enable JIT Provisioning and when new users sign in via SSO they'll automatically be created under your company account.

Single sign on via SAML​

SAML Configuration​

Enforcement​

Provisioning​

Single sign on via SAML

SAML Configuration

Enforcement

Provisioning