Configuring Single Sign-On

Single sign-on (SSO) improves security controls; with SSO configured, users are redirected to authenticate to Tamr Cloud using your organization’s Identity Provider (IdP) when logging in.

With SSO enabled, you cannot create new users from Tamr Cloud Admin > Users. New users are automatically provisioned when they sign into Tamr Cloud for the first time via SSO, as follows:

  • User accounts are created automatically from the IdP when the user first logs in, based on the user's email address.
  • New users are assigned to the default role of author.
  • Tamr Cloud sends the user an email confirmation, which the user must accept before being able to log in.

important Important:

  • At least one user in your tenant must have the Admin role before configuring SSO.
  • When SSO is enabled, any existing Tamr Cloud user accounts will be migrated to SSO authentication, and will retain all associated permissions. The user’s email address must be the same before and after SSO is enabled; otherwise, the user is treated as a new Tamr Cloud user.

Tamr Cloud supports the following enterprise IdPs:

  • SAML 2.0, including Okta (preferred)
  • Google Workspace

Contact Tamr Support ([email protected]) if you are interested in configuring SSO authentication and authorization for your tenant.