Torq

Single Sign-On (SSO) lets you connect Torq with your company's Identity Provider (IdP). This allows you to set Torq roles for users and groups based on your IdP settings.

After connecting Torq to the enterprise IdP, all IdP-authenticated users of specific groups can sign in to Torq.

To manage SSO for a Torq workspace, the required scope is <code>user.write</code>. <a href="https://kb.torq.io/en/articles/9145806-torq-roles-and-scopes-managing-access-and-permissions">Learn more about Torq roles and scopes.</a>

Torq supports SAML 2.0 and OpenID Connect with code flow and implicit grant type. It's compatible with many enterprise IdPs, including:

You can configure SSO using the following account types:

- Google account
- Local user/password account

If you are changing SSOs or migrating IDPs, contact Torq Support before going through with the migration within your Torq workspaces and organization.

To ensure uninterrupted access to the platform and prevent potential lockouts during SSO configuration, please adhere to the following best practices:

- After configuring SSO, promptly test the login process using a secondary account within the same SSO domain. This real-time validation ensures that the IdP claims are correctly mapped, preventing access issues.
- You can also set up a temporary claims mapping based on email addresses.

Torq assumes that the SSO domain (an organization's identifier) is identical to the email domain of the workspace owner configuring SSO. For example, the administrator identified by <a href="mailto:admin@mycompany.com" rel="nofollow noopener noreferrer" target="_blank">admin@mycompany.com</a> can configure SSO for the domain mycompany.com. ​If you want to configure SSO for a different domain, contact Torq Support.

If users were invited by email before setting up SSO, they could still log in without it. To avoid this, remove these users and keep only the SSO setup. 

If you need to update any claims, add the new ones to Torq first before removing the old ones from your SSO provider. This prevents any access issues.

Users authorized for specific workspaces via SSO cannot access (from an SSO login) the workspaces that they are authorized for via email login. However, email login allows users to view and access all relevant workspaces, including SSO-verified and email-only verified ones.  

All members of the Torq group within your SSO platform will have access to <a href="https://kb.torq.io/en/articles/9095382-torq-interact-send-forms-and-create-pages">Torq Interactions</a> set to SSO access - no claims mapping or role required.

- To ensure uninterrupted access to the platform and prevent potential lockouts during SSO configuration, please adhere to the following best practices:
 - After configuring SSO, promptly test the login process using a secondary account within the same SSO domain. This real-time validation ensures that the IdP claims are correctly mapped, preventing access issues.
 - You can also set up a temporary claims mapping based on email addresses.
- Torq assumes that the SSO domain (an organization's identifier) is identical to the email domain of the workspace owner configuring SSO. For example, the administrator identified by <a href="mailto:admin@mycompany.com" rel="nofollow noopener noreferrer" target="_blank">admin@mycompany.com</a> can configure SSO for the domain mycompany.com. ​If you want to configure SSO for a different domain, contact Torq Support.
- If users were invited by email before setting up SSO, they could still log in without it. To avoid this, remove these users and keep only the SSO setup. 
- If you need to update any claims, add the new ones to Torq first before removing the old ones from your SSO provider. This prevents any access issues.
- Users authorized for specific workspaces via SSO cannot access (from an SSO login) the workspaces that they are authorized for via email login. However, email login allows users to view and access all relevant workspaces, including SSO-verified and email-only verified ones. 
- All members of the Torq group within your SSO platform will have access to <a href="https://kb.torq.io/en/articles/9095382-torq-interact-send-forms-and-create-pages">Torq Interactions</a> set to SSO access - no claims mapping or role required.

Enable SSO-only login and restrict new local user invitations to ensure security and regulatory compliance. In workspaces with this mode active, users can only log in via the configured SSO. The option to invite new users via Settings &gt; Users will be disabled.

SSO-only mode is available upon request. Contact Torq Support for more information or to enable SSO-only mode.

Learn about Torq's Single Sign-On (SSO) capabilities.

Configure SSO for Torq: Boost Security and Efficiency

Create a custom design with text, images, and links

Hyperautomation™

Blog

Our Story

HyperSOC™

Resources

Security And Compliance

Technology Partners

Careers

Legal & Compliance

Contact Us

WHY TORQ

RESOURCES

COMPANY

API Documentation

Torq Academy

Find answers and get help from Intercom Support and Community Experts

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you

Tickets

No access to tickets portal

English

url(https://downloads.intercomcdn.com/i/o/eomhaz2o/650488/453c3f06f99ecd5c993f4e92378d/1fbc1f558d986ce509cc6e195facae95.png)

Configure SSO for Torq: Boost Security and Efficiency

Important to Know

SSO-only Mode