Setting Up SSO/SCIM (Professional Plan Only)

SSO/SCIM is only available on Professional tier plans. Contact us at [email protected] for more information.

Overview / Basic Info

There are three parts of the WorkOS integration:

SSO/SAML: Allows anyone with the domain to login.
SCIM: Automatically adds/removes people in Tettra to make sure the user list is accurate.
Group Sync: (Optional) Pulls in groups to Tettra for permissions.

WorkOS is the tool you'll use to roll this out. You may set up SSO and not SCIM, but if you want SCIM, SSO must be set up first.

Here's a list of other WorkOS integrations, in case you'd like to utilize those in addition to Tettra via WorkOS.

1. SSO/SAML Setup Steps

After your team has subscribed to our Professional plan, you'll be eligible for setting up your integration.

1. Share with us verified domains (we'll reach out and ask, but you can also email [email protected])

2. Share the email address you'd like us to send instructions to. Usually this is someone on your IT team who will take the lead in SCIM setup.

3. Wait for an email from us, then follow instructions that are sent from WorkOS in that email.

4. Let us know when it's complete, and we'll enable SSO for your team.

After this, users will be able to log in with SSO, but your user directory won't yet be synced. That means that you may have team members in your directory who are not in Tettra yet, and users in Tettra won't be deactivated yet even if they aren't in your directory.

Groups: If you have been using Groups in Invite-Only Categories, then those categories may be temporarily restricted to only the category owner. Those category owners will need to re-invite the groups who should have access to those categories, so they may want to record which groups and users are allowed access before making the switch to SSO/SCIM. If you have any questions please reach out to us at [email protected].

2. SCIM Setup

Enable users to join without invitation

If the team wants users to be able to join without an invitation they should turn on the SSO flag in Admin Settings.

The domains listed here will be the domains you shared with us in step 1, above.

Note: you will only see SSO and SCIM options in your Admin settings if your team has a Professional subscription.

Enable SCIM sync

⚠️ This option will disable Google Groups, which is a legacy feature your team may have been using. Reach out to us at [email protected] if you have any questions.

This is what will allow you to onboard and offboard team members easily.

In admin settings, scroll down to the SCIM section and check the box next to Allow team information sync with active directory.

3. Group Sync

This additional option allows you to set invite-only categories easily by group. You'll manage groups in WorkOS.

For example, you could have a category in Tettra only for your IT team:

Setting Up SSO/SCIM (Professional Plan Only)

SSO/SCIM is only available on Professional tier plans. Contact us at [email protected] for more information.

Overview / Basic Info

There are three parts of the WorkOS integration:

SSO/SAML: Allows anyone with the domain to login.
SCIM: Automatically adds/removes people in Tettra to make sure the user list is accurate.
Group Sync: (Optional) Pulls in groups to Tettra for permissions.

WorkOS is the tool you'll use to roll this out. You may set up SSO and not SCIM, but if you want SCIM, SSO must be set up first.

Here's a list of other WorkOS integrations, in case you'd like to utilize those in addition to Tettra via WorkOS.

1. SSO/SAML Setup Steps

After your team has subscribed to our Professional plan, you'll be eligible for setting up your integration.

1. Share with us verified domains (we'll reach out and ask, but you can also email [email protected])

2. Share the email address you'd like us to send instructions to. Usually this is someone on your IT team who will take the lead in SCIM setup.

3. Wait for an email from us, then follow instructions that are sent from WorkOS in that email.

4. Let us know when it's complete, and we'll enable SSO for your team.

2. SCIM Setup

Enable users to join without invitation

If the team wants users to be able to join without an invitation they should turn on the SSO flag in Admin Settings.

The domains listed here will be the domains you shared with us in step 1, above.

Note: you will only see SSO and SCIM options in your Admin settings if your team has a Professional subscription.

Enable SCIM sync

⚠️ This option will disable Google Groups, which is a legacy feature your team may have been using. Reach out to us at [email protected] if you have any questions.

This is what will allow you to onboard and offboard team members easily.

In admin settings, scroll down to the SCIM section and check the box next to Allow team information sync with active directory.

3. Group Sync

This additional option allows you to set invite-only categories easily by group. You'll manage groups in WorkOS.

For example, you could have a category in Tettra only for your IT team:

Tettra Help Docs

Setting Up SSO/SCIM (Professional Plan Only)

Overview / Basic Info

1. SSO/SAML Setup Steps

2. SCIM Setup

Enable users to join without invitation

Enable SCIM sync

3. Group Sync

Tettra Help Docs

Setting Up SSO/SCIM (Professional Plan Only)

Overview / Basic Info

1. SSO/SAML Setup Steps

2. SCIM Setup

Enable users to join without invitation

Enable SCIM sync

3. Group Sync

Setting Up SSO/SCIM (Professional Plan Only)

Overview / Basic Info

1. SSO/SAML Setup Steps

2. SCIM Setup

Enable users to join without invitation

Enable SCIM sync

3. Group Sync

Related

Setting Up SSO/SCIM (Professional Plan Only)

Overview / Basic Info

1. SSO/SAML Setup Steps

2. SCIM Setup

Enable users to join without invitation

Enable SCIM sync

3. Group Sync

Related