Enterprise Single Sign-On (SSO) lets you connect Torq with your company's Identity Provider (IdP). This way, you can set Torq roles for users and groups based on your IdP settings.
After connecting Torq to the enterprise IdP, all IdP-authenticated users of specific groups can sign in to Torq.
Torq supports SAML 2.0 and OpenID Connect with code flow and implicit grant type. It's compatible with many enterprise IdPs, including:
Microsoft Entra ID
Okta
OneLogin
Supported SSO Methods and Protocols
Open ID connect
SAML 2.0
You can configure SSO using the following account types:
Google account
Local user/password account
Important to know
Torq assumes that the SSO domain (an organization's identifier) is identical to the email domain of the workspace owner configuring SSO. For example, the administrator identified by admin@mycompany.com can configure SSO for the domain mycompany.com.
If you want to configure SSO for a different domain, contact Torq Support.If users were invited by email before setting up SSO, they could still log in without it. To avoid this, remove these users and keep only the SSO setup.
We recommend that you have 1 or 2 backup accounts not tied to SSO, just in case your SSO provider has issues.
If you need to update any claims, add the new ones to Torq first before removing the old ones from your SSO provider. This prevents any access issues.
Users authorized for specific workspaces via SSO cannot access (from an SSO login) the workspaces that they are authorized for via email login. However, email login allows users to view and access all relevant workspaces, including SSO-verified and email-only verified ones.