Setup your account to use Single-Sign-On in order to allow signups and logins to Torii has never been easier.
First, make sure you are
Admin in your Torii account. You can check this on the
Settings -> Team page. Only admins can configure SSO for their accounts.
Please follow these steps to set it up:
Identify which Identity Provider (Okta, OneLogin, Google, Microsoft Azure AD, etc...) your organization is using and follow the appropriate instructions in order to get your SSO metadata XML configuration file:
Torii supports any other Identity Provider that supports SAML
Settings -> Securitypage
Drag & Drop or browse to select the metadata.xml configuration file you have obtained from your Identity Provider
Torii will process the configuration file and will present the following confirmation which indicates your SSO configuration is in place
Click Done to close the dialog box
SSO is now configured for your account but is not yet enforced
Testing your SSO configuration
Now that SSO has been configured, validate it is working:
Log out of Torii
Log in to Torii again and you will now be redirected to your Identity Provider to login using SSO
In case the login was not successful, you can use the "or click here to login using a password" link that appears after entering your email address:
Enforce users to sign in using SSO
After you validated that your SSO configuration is in place and working as expected, you can go ahead and enforce all your users to login only via SSO - this is easier for them and better for the organization's security.
Go to the
Settings -> Security page and change the state of the 'Enforce users to sign in using SSO' switch to On
If you would like to revert back to using email and passwords for Torii login, click the
Remove SSO button and confirm the removal in the confirmation dialog that will pop up.
You can then re-configure your account to use SSO by following the instructions at the top of this guide.
Q: What is the expected behavior when SSO is enforced and Torii times out due to inactivity?
A: After an idle timeout, the user is sent to the Torii login page.
You can always log back into Torii from your SSO portal with one click.
Our support team is always available at firstname.lastname@example.org to help.