Toggl's SSO functionality has undergone a significant transformation. Here’s what’s now possible:
Enhanced security with enforced SSO-only login
This update ensures that access is controlled exclusively through single sign-on via your identity provider, thereby reducing the risk of password theft, preventing access by users no longer recognized by the identity provider, and improving compliance with IT security policies.
Further, once SSO has been enforced, users can no longer manually create new accounts with this domain, ensuring they only join when you invite them.
More flexibility to suit your company’s needs
Multi-domain SSO setup
Allows users from different company domains to access the same workspace.
Multi-workspace access:
Allows users to access all the workspaces that they have been invited to, using a single domain (previously, this was limited to one workspace per domain). Note: An admin must manually invite the user.
Add additional administrators:
Enables you to appoint more administrators to manage your SSO profiles, to ensure there isn’t a single point of failure where access is concerned.
Simplified user management (from June 2024)
Automatically create user accounts. If someone from your specified domains logs in via SSO but isn't yet a user of Toggl, we'll automatically set up their account and add them to all relevant workspaces linked to this SSO profile.
SSO-related activity logs (from June 2024)
Activity logs will help you troubleshoot SSO-related issues from the past three months.
Want more information? Learn how to set it up here: https://support.toggl.com/en/articles/9518746-advanced-single-sign-on-sso-settings
Legacy mode - if you set up Toggl SSO before April 29, 2024
You will recognise that you are on the legacy setup if you see the 'legacy mode' badge next to your SSO profile name, and you have a 'Use legacy mode' toggle toward the bottom of your SSO profile settings.
When releasing the new SSO implementation, we made sure your current setup remained intact and your team's access to Toggl was not disrupted.
However, the new integration uses a different ACS URL and Entity ID, both provided by Toggl. We recommend that you update these details within your identity provider, so that you can be fully switched over. Here's how:
Find the Toggl application settings in your IdP
Go back to Toggl SSO and find the Integration details section near the top.
Copy the new ACS URL and Entity ID from that section into your identity provider’s settings. Save the changes in your IdP.
Back in Toggl SSO, disable the ‘Use legacy mode (IdP)’ toggle in the Profile settings section.
Click 'Save changes'
→ Now, your team will be able to log in with the new setup.