Single Sign-On (SSO) via SAML

Single Sign-On (SSO) using SAML 2.0 allows your organization to authenticate users through a centralized Identity Provider (IdP), while Tagd acts as the Service Provider (SP).

Prerequisite: An identity provider that supports SAML 2.0 (for example, Azure AD, Okta, or ADFS).

Step 1: Collect Service Provider (SP) details

The following SAML SP details are required when configuring your Identity Provider:

Parameter	Value
Entity ID	urn:amazon:cognito:sp:eu-north-1_ZEVIQMv4W
Reply URL	https://app.tagd.ai/saml2/idpresponse

Step 2: Configure your Identity Provider (IdP)

In your Identity Provider create an application,

Create a new SAML application
Enter the Entity ID and Reply URL (ACS URL) provided above
Configure user attributes / claims (such as email or name) to be included in the SAML response
1. email
2. first name
3. last name
4. group id:s (comma separated list, minimum one group is required)
Assign test users to both the SAML application and the group. Provide Tagd with at least one test user for validation
Preferred custom login URL, example: https://company.tagd.ai

Step 3: Send SSO details to Tagd

Send the following details to support@tagd.ai

App Federation Metadata URL or file (XML)
Test user credentials (can be sent in separate email to contact person from our team)
Test group(s) UUIDs

Once provided, SAML authentication will be configured by our team for your organization.

Step 4: Test the SSO setup

Before rolling out SSO to all users the setup is tested together with someone from our team.

Perform a test login using an IdP user account
Verify that the correct user attributes are received
Confirm that access is granted as expected
Verify that the user attributes appears correctly in Tagd
Verify that user is added to the mapped group in Tagd

We strongly recommend testing with a limited group of users first. Report any issues to support@tagd.ai

Step 5: GO-LIVE

Coordinate the go-live of the SSO integration in collaboration with your designated contact from our team:

Decide on go-live date.
Assign users to the Tagd app in your identity provider or create them in the Tagd platform. When a user signs in via SSO for the first time, their account will be automatically created or linked based on their identity. The user is assigned the role “User” and needs to be manually changed in Tagd if a higher permission level is desired.
Inform your users about the setup and share login link.

Help center