ENTERPRISE LEVEL FEATURE
Single Sign-On (SSO) allows your staff to log in to TimeTap using your organization’s Identity Provider (IDP), like Microsoft 365, Azure, instead of TimeTap usernames and passwords.
TimeTap supports SAML 2.0 for SSO authentication.
What Does SSO Look Like?
Users access TimeTap from your organization’s portal (your Microsoft or Salesforce dashboard, for example) and are automatically signed in.
SSO Supports:
- Back Office login
- Client Scheduler login (if applicable)
Requirements
Before setup begins, ensure:
- Your IT team can generate a SAML 2.0 metadata XML file (also called the IDP file)
- TimeTap usernames match email addresses listed in your IDP.
SSO Setup Process
Here are the steps involved in the setup process, along with who is responsible for each:
1. Your Organization: Determine Scope of SSO Setup
Confirm whether SSO should be configured for Back Office (bo), Client Scheduler (cs), or both.
2. Your Organization: Generate and Send the IDP Metadata File
Generate a SAML 2.0 IDP metadata XML file and send it to your Implementation Specialist.
3. Your Organization: Align TimeTap Usernames with IDP
Ensure all staff usernames in TimeTap match their email addresses in the IDP.
4. TimeTap: Create the SP Metadata file
Creates the metadata file based on the information your organization provided.
5. TimeTap: Share the Files
Sends the metadata file for your IT team to upload to your IDP.
6. Your Organization: Go Live
Upload the metadata file into your IDP and complete any necessary configuration to finalize the integration. Users can now log in via your organization’s portal.
Common Issues
User can't log in: Check that TimeTap username is an exact match to the IDP email address.
Multiple certificates in IDP file: Ask your IT administrator to confirm the correct one is being used.