One login for everything: SSO with your own identity provider

This is exactly where we at tapio come in. We want to break down barriers. That's why we now enable companies to use their own Identity Provider (IdP) for access to tapio.

What this exactly means and why it is a massive relief for both users and IT, we have summarized here.

What does SSO with your own IdP actually mean?

Single Sign-On (SSO) simply means: Log in once, access everything. Instead of creating a separate password for tapio, your employees use their existing company credentials—for example, from Microsoft Entra ID (formerly Azure AD), Okta, or another Identity Provider. Your own IdP manages the login, and tapio trusts this "confirmation."

The technical foundation: Modern & secure

We use OpenID Connect for this integration. It is a modern industry standard built on the proven OAuth 2.0 protocol. For you, this means a future-proof integration that is already a standard feature in almost all major Identity Providers.

Why the switch is worth it: Checking the benefits

1. For users: No more password jungle
The biggest advantage is obvious: No new credentials. When employees start their computers in the morning and log into their company account, they are essentially already halfway into tapio. This reduces frustration, saves time, and prevents those "I forgot my password" moments on Monday mornings.

2. For IT: Security at the enterprise level
With SSO, your IT department regains full control. All the security policies you already use internally automatically apply to the tapio login:

• Multi-Factor Authentication (MFA): If your company requires MFA, it also applies to tapio login.

• Central password rules: Length, complexity, and change intervals are centrally managed.

• Immediate Lock: If an employee leaves the company and their central account is deactivated, access to tapio is immediately locked. Without having to delete manually in two places.

Transparency is important to us: What SSO does not do

There is a common misconception we want to clarify right away: SSO is not user synchronization.

Even though the login runs through your Identity Provider, the control over roles and permissions remains intentionally with you in My tapio. This means:

• Users must still be created once in My tapio.

• Roles (who can see what?) are managed locally in My tapio.

• SSO exclusively handles "opening the door" (authentication), not the "house rules" (permission management).

Practice Check: This is how simple the login looks

Imagine an employee, Anna, wants to access the ServiceBoard:

1. Anna goes to the login and selects “SSO for major customers”.

2. She enters her business email address.

3. tapio recognizes the domain and directs Anna directly to her company's login window.

4. There she logs in with her usual data (if she is not already logged in).

5. Done! Anna is in the system without ever entering a specific tapio password.

Conclusion: More focus on what matters

Introducing SSO with your own Identity Provider is another step in our mission to make digitalization in the wood industry as simple as possible. It saves time, increases security, and noticeably improves the user experience.

Frequently asked questions answered briefly:

Do I still have to create users in My tapio?
Yes, this is still necessary for role assignment.

Do you support SAML?
We are currently focusing on OpenID Connect because it is the more modern and leaner standard.

Can we enforce MFA?
Yes, if your IdP supports it, it also applies to tapio.

Is SSO more secure than a normal password system?
In many cases yes, because central security policies apply and passwords need to be managed manually less often.

Ready for the next step?

Would you like to know what the setup plan for your company looks like? In a short, free consultation, we will review together which steps are also required in your IT environment to activate SSO for your organization.

Contact us now and schedule an SSO check