Organizations
SSO for organizations
Tragentics supports organization-level SAML SSO configuration so members on a company domain can sign in through their identity provider instead of using only local email-and-password auth.
What SSO does
Organization SSO gives the admin a way to tie sign-in behavior to a verified business domain and a SAML provider configuration.
Once configured, users on the organization's domain can be recognized on the login page and prompted toward SSO.
Where SSO is configured
The SSO card currently lives in the Members tab on the organization page. It shows:
- whether SSO is currently active
- the configured domain
- the ability to configure SSO
- the ability to remove the current SSO configuration
Required inputs
The current SSO configuration flow asks for:
- Company domain — for example
acme.com - IdP metadata URL — your identity provider's SAML metadata endpoint
Tragentics stores the provider reference and the SSO domain at the organization layer so sign-in behavior can be routed correctly.
Login behavior
On the login page, Tragentics can check whether the user's email domain matches an organization with SSO enabled. If it does, the login experience can show SSO-specific affordances instead of behaving like a purely local-auth-only account.
This domain check is public and rate-limited. It does not expose the full organization surface — it only answers whether SSO is enabled for that domain.
Removing SSO
The admin can remove SSO from the organization. Doing so clears the organization's SSO provider reference and domain association.
Removing SSO is not the same as deleting the organization. It only changes the organization's identity entry point.