SSO Setup Instructions for Tuple

A guide for Tuple customers who want to use SAML SSO to give their employees access to Tuple

Specific SSO Setup Guides

One Login's logo
Okta's logo

General SSO Setup Guide

What we need from you:

  • Your SSO IDP Entity ID
  • Your SSO target url that performs authentication
  • Your auth certificate or its SHA1 fingerprint
  • Ensure your attributes include "first_name", "last_name" and "email"

Please send the above info to support@tuple.app.

Information you probably need from us:

  • Our entity ID: https://production.tuple.app/users/saml/metadata
  • Our assertion consumer service (ACS) URL: https://production.tuple.app/users/saml/auth

Testing

We can help you test the integration in a sandboxed environment. Replace production with staging in the URLs above and contact us to coordinate the test.

Provisioning/deprovisioning

The first time a new user authenticates to Tuple, we provision an account for them and (if you are on a per-seat billing plan) begin charging you for that seat. While you can disable a user's access to Tuple in your IDP, deprovisioning the account such that you are no longer charged for it must be done in our team management page, accessible by your Team Owner.

Roles

We have only two roles in Tuple, Team Owner and User. By default, the Team Owner is the person who first created your team on Tuple, usually an engineering manager or developer. If you prefer to have an IT person be the team owner, just ask. Accounts provisioned via your IDP will be Users.

Permissions

Team Owners can add and remove users, invite unpaid guests, and update your billing information. Users can make and receive calls and add new Users.

Email Requirement

Email addresses for users in your SSO provider and on Tuple must match exactly. For example, dev+tuple@company.com will not match dev@company.com. Please ensure your team's email addresses are correct before we enable the SSO integration.

Questions?

Please email us and we'll get you straightened out.