Set up Single Sign-On (SSO)

SSO is available for Enterprise plans. Want to upgrade your TAGGRS subscription? Talk to Sales.

Prerequisites

Before starting, make sure:

• You have at least one existing TAGGRS user in the organization
• Your team uses a shared business email domain (e.g. @mycompany.com)
• You use a SAML 2.0–compatible IdP, such as OneLogin, Okta, or Azure AD

Note
‍Once SSO is activated, additional users do not need existing TAGGRS accounts. They will be created automatically on first login.

Activation

To enable SAML SSO on your company account:

1. Log in to TAGGRS
2. Go to Profile → Organization → Single Sign-On (SSO)
3. Click Contact Support to request SSO activation for your organization.

Once SSO is enabled for your company account, you can fill in the details:

• SSO Identifier: the name of your IdP (e.g. one login, okta, or azure)
• SAML Metadata URL: generated by your IdP after you install the SAML application.

Configuration

Install a SAML application in your IdP

In your identity provider, create or install a SAML 2.0 application for TAGGRS and configure it with these standard SAML settings:

Configure your IdP to send the following user attributes to TAGGRS:

Important
Attribute names are case-sensitive and must match exactly.

Initiate SSO in TAGGRS

After you configure your IdP:

1. In TAGGRS, go to your Profile page and scroll to the Single Sign-On (SSO) section
2. Enter the SSO Identifier field with the name of your IdP
3. Copy the Metadata URL from your IdP and paste it into the SAML Metadata URL field in TAGGRS.

Once you submit the Metadata URL, TAGGRS validates the SAML configuration and links SSO to your organization and email domain (for example, @mycompany.com).

The SSO connection is now active.

Note
Once SSO is active, admins can choose to enforce SSO for users or allow login with other methods.

User access management

User access to TAGGRS is fully controlled in your identity provider (IdP).

Assign users or groups to the TAGGRS SAML application in your IdP's admin console. Only assigned users can access TAGGRS via SSO. Removing assignments immediately revokes access.

First-time login

On a user’s first SSO login:

• A new TAGGRS user account is created automatically
• The user is added to your organization and granted access to its products
• No invitations or manual account setup are required.

This makes onboarding new team members fast and low-maintenance, assuming they are already provisioned in your IdP.

Adding or removing team members

To manage the team:

• Add a user (or group) to the TAGGRS app in your IdP → they can log in to TAGGRS right away.
• Remove a user (or group) from the TAGGRS app in your IdP → their TAGGRS access is automatically revoked.

TAGGRS always follows the access rules and assignments defined in your IdP.

Troubleshooting

If login issues occur:

• Confirm the user’s email domain matches the configured SSO domain
• Verify attribute mappings (email, first_name, last_name)
• Ensure the correct Metadata URL is used
• Double-check user assignment in your identity provider

For advanced issues or to disable SSO for an organization, email TAGGRS support.

FAQ

Why use SSO in TAGGRS?

SAML SSO is designed for agencies and enterprises that manage multiple users and clients at scale. It comes with many benefits, such as easy onboarding and offboarding as your team grows and centralized access control via your identity provider. Learn more about the benefits of SSO.

Useful resources

Guide: How to create SAML app integration in Okta

Guide: How to create SAML app integration in OneLogin

Guide: How to create SAML app integration in Entra ID