How can we help?

Search

Setup Your Torii Account to Use SSO (Single-Sign-On) For Login

Uri Nativ
Uri Nativ
  • Updated
Torii SMP
Torii Identity
Make it easier and more secure for your users to log in to Torii

Setup your account to use Single-Sign-On in order to allow signups and logins to Torii has never been easier.

First, make sure you are  Admin in your Torii account. You can check this on the Settings -> Team page. Only admins can configure SSO for their accounts.

SSO Configuration

Please follow these steps to set it up:

  1. Identify which Identity Provider (Okta, OneLogin, Google, Microsoft Azure AD, etc...) your organization is using and follow the appropriate instructions in order to get your SSO metadata XML configuration file:

    1. Setup your account to use Azure Active Directory SSO

    2. Setup your account to use Google SSO

    3. Setup your account to use JumpCloud SSO

    4. Setup your account to use Okta SSO

    5. Setup your account to use OneLogin SSO

    6. Torii supports any other Identity Provider that supports SAML

  2. Go to Settings -> Security page

     

     

  3. Click the Configure SSO button

     

     

  4. Drag & Drop or browse to select the metadata.xml configuration file you have obtained from your Identity Provider

  5. Torii will process the configuration file and will present the following confirmation which indicates your SSO configuration is in place

     

     

  6. Click Done to close the dialog box

  7. SSO is now configured for your account but is not yet enforced

 

Testing your SSO configuration

Now that SSO has been configured, validate it is working:

  • Log out of Torii

  • Log in to Torii again and you will now be redirected to your Identity Provider to login using SSO

In case the login was not successful, you can use the "or click here to login using a password" link that appears after entering your email address:

Enforce users to sign in using SSO

After you validated that your SSO configuration is in place and working as expected, you can go ahead and enforce all your users to login only via SSO - this is easier for them and better for the organization's security.

 

Go to the Settings -> Security page and change the state of the 'Enforce users to sign in using SSO' switch to On.

 

 

Auto-provisioning of users

When a user logs in using SSO for the first time, a new user will be created with their email address. The user will have the least privilege permissions of an employee, and this can be changed later by inviting the user to have an elevated role from the Settings -> Members page.

Note: When SCIM open is enabled, auto-provisioning is off. This allows your identity provider to fully control creation and removal of users from Torii.

 

Remove SSO

If you would like to revert back to using email and passwords for Torii login, click the Remove SSO button and confirm the removal in the confirmation dialog that will pop up.

 

You can then re-configure your account to use SSO by following the instructions at the top of this guide.

Q&A

Q: What is the expected behavior when SSO is enforced and Torii logs the user out due to inactivity?

A: After the idle timeout configured on the settings page, the user is logged out and redirected to the Torii login page. The user can then log in again using SSO, or go to the SSO portal and login to Torii again with one click. 

 

Need help?

Our support team is always available at support@toriihq.com to help.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request