Skip to main content
All CollectionsSet Up TorqSet Up Single Sign-On (SSO)
Configure SSO for Torq: Boost Security and Efficiency
Configure SSO for Torq: Boost Security and Efficiency

Learn about Torq's Single Sign-On (SSO) capabilities.

Updated this week

Single Sign-On (SSO) lets you connect Torq with your company's Identity Provider (IdP). This allows you to set Torq roles for users and groups based on your IdP settings.

After connecting Torq to the enterprise IdP, all IdP-authenticated users of specific groups can sign in to Torq.

To manage SSO for a Torq workspace, the required scope is user.write. Learn more about Torq roles and scopes.

Torq supports SAML 2.0 and OpenID Connect with code flow and implicit grant type. It's compatible with many enterprise IdPs, including:

  • Microsoft Entra ID

  • Okta

  • OneLogin

You can configure SSO using the following account types:

  • Google account

  • Local user/password account

Important to Know

If you are changing SSOs or migrating IDPs, contact Torq Support before going through with the migration within your Torq workspaces and organization.

  • To ensure uninterrupted access to the platform and prevent potential lockouts during SSO configuration, please adhere to the following best practices:

    • After configuring SSO, promptly test the login process using a secondary account within the same SSO domain. This real-time validation ensures that the IdP claims are correctly mapped, preventing access issues.

    • You can also set up a temporary claims mapping based on email addresses.

  • Torq assumes that the SSO domain (an organization's identifier) is identical to the email domain of the workspace owner configuring SSO. For example, the administrator identified by admin@mycompany.com can configure SSO for the domain mycompany.com. ​If you want to configure SSO for a different domain, contact Torq Support.

  • If users were invited by email before setting up SSO, they could still log in without it. To avoid this, remove these users and keep only the SSO setup.

  • If you need to update any claims, add the new ones to Torq first before removing the old ones from your SSO provider. This prevents any access issues.

  • Users authorized for specific workspaces via SSO cannot access (from an SSO login) the workspaces that they are authorized for via email login. However, email login allows users to view and access all relevant workspaces, including SSO-verified and email-only verified ones.

  • All members of the Torq group within your SSO platform will have access to Torq Interactions set to SSO access - no claims mapping or role required.

SSO-only Mode

Enable SSO-only login and restrict new local user invitations to ensure security and regulatory compliance. In workspaces with this mode active, users can only log in via the configured SSO. The option to invite new users via Settings > Users will be disabled.

SSO-only mode is available upon request. Contact Torq Support for more information or to enable SSO-only mode.

Did this answer your question?