How to configure SSO in Tenor

Admins can configure SSO (Single Sign-On) directly through the Tenor Admin Portal.

💡 We recommend using SAML for optimal compatibility.


  1. Go to Admin > Single Sign-on

  1. Click on + New Connection
  2. Set up your new SSO connection


  1. Select your IdP or configure a custom SAML/OIDC connection

  1. Follow the on-screen instructions depending on your selected idp/connection
    • You'll be guided step-by-step based on your selected IdP.

For SAML, please include these attribute statements:

Name: jobTitle ; Name format: Basic ; Value: user.jobTitle


To assign roles via group membership:

Name: groups ; Name format: Basic ; Value:  user.groups

  1. When setting up the app on Okta, please use this logo:


  1. Once you've completed all the above and on-screen steps, click Create to finish creating your SSO connection!

Once you've completed the initial set up, you can edit your SSO settings in the Admin dashboard, and do the following:

  • Set the selected connection as the default SSO connection

  • Map assigned group roles

💡Enabling JIT Provisioning

JIT provisioning creates users automatically when they first sign in via SSO. This is disabled by default on Tenor. To enable it, please contact support at support@tenorhq.com and we’ll enable it for you.

Need Assistance?

While the SSO setup is designed to be self-service, our team is here to help. If you'd prefer a guided walkthrough or have any questions, feel free to reach out.

📧 support@tenorhq.com

Still need help? Contact Us Contact Us

Related Articles