SSO Configuration (SAML 2.0)
This feature requires TalkWriter Enterprise.
Single Sign-On (SSO) lets your team sign into TalkWriter using the same credentials they use for other company tools. TalkWriter supports SAML 2.0, the industry standard for enterprise authentication.
What SSO Does
- One login — Team members use their company credentials instead of a separate password
- Centralized control — Disable a user in your identity provider and they lose TalkWriter access automatically
- Security — Enforce your organization's MFA and password policies
Supported Identity Providers
| Provider | Status | Setup Time |
|---|---|---|
| Okta | ✅ Fully supported | ~15 minutes |
| Azure AD (Entra ID) | ✅ Fully supported | ~15 minutes |
| Google Workspace | ✅ Fully supported | ~10 minutes |
| OneLogin | ✅ Fully supported | ~15 minutes |
| Other SAML 2.0 | ✅ Compatible | Varies |
Setup Steps
1. Gather TalkWriter Details
In the Admin Portal, go to Security → SSO and copy:
- Entity ID (SP): https://auth.talkwriter.ai/saml/metadata
- ACS URL: https://auth.talkwriter.ai/saml/callback
- SLO URL: https://auth.talkwriter.ai/saml/logout
2. Configure Your Identity Provider
In your IdP admin console:
- Create a new SAML application named "TalkWriter"
- Paste the Entity ID and ACS URL from step 1
- Set the Name ID format to emailAddress
- Map the following attributes:
| SAML Attribute | Maps To | Required |
|---|---|---|
| email | User's email address | ✅ |
| firstName | First name | ✅ |
| lastName | Last name | ✅ |
| department | Department | ❌ |
- Download the IdP metadata XML file
3. Upload to TalkWriter
- Return to Security → SSO in the Admin Portal
- Upload your IdP metadata XML file
- Click Save Configuration
- Click Test Connection to verify everything works
4. Enable SSO
- Toggle Require SSO to on
- Choose whether existing password logins should be disabled immediately or after a grace period
FAQ
Can users still log in with email/password after SSO is enabled? Only if you keep the grace period active. Once "Require SSO" is fully enforced, password login is disabled.
What happens if our IdP goes down? Enterprise admins can access a break-glass URL to log in with email/password during IdP outages.
Does SSO work with the desktop app? Yes. The desktop app opens a browser window for SSO authentication, then returns the user to the app.