Skip to content
English
Customer portal Sign in
Go to Tai Software
  • There are no suggestions because the search field is empty.

Federated Login - SSO Authentication

Single Sign-On (SSO or Federated Login) allows users to log in once to access the TMS, eliminating the need for multiple passwords and enhancing security through centralized authentication with a trusted identity provider such as Microsoft or Google.

Benefits of Using Google or Microsoft for Single Sign-On (SSO)

Single Sign-On (SSO) allows you to securely log in to our platform using your existing Google or Microsoft account, rather than creating and managing a separate username and password. 

By default, SSO is enabled for both Google and Microsoft. For the highest level of security and convenience, we strongly recommend using one of these trusted providers as your primary login method. This article explains the key benefits.

How SSO Improves Your Security

Using Google or Microsoft to sign in protects you from these common threats by leveraging the world-class security built by those companies.

🛡️ Multi-Factor Authentication (MFA)

When you protect your Google or Microsoft account with MFA (like a code sent to your phone or a prompt you tap "yes" on), that protection is automatically extended to your account with us. This means that even if an attacker steals your password, they can't log in without access to your second factor (e.g., your phone).

🔐 Stronger Security, Fewer Passwords

Instead of creating another password to remember (and potentially reuse), you rely on the single, strong password you've already created for your Google or Microsoft account. You only have to manage one password, making it easier to ensure it's unique and complex.

🎣 Protection from Phishing

With SSO, you are always redirected to the official Google or Microsoft sign-in page. You are trained to only enter your main password on that familiar, trusted page, making it much harder for a fake login page to trick you.

⛔ Instant Access Removal for Leavers

When an employee leaves your company, securely managing their exit is critical. With SSO, it's one and done. When your administrator disables their primary Google or Microsoft account, their access to our platform is instantly and automatically revoked. This eliminates the security risk of former employees retaining access and simplifies offboarding.

More Than Security: It's Convenient

Beyond the security benefits, using SSO is also faster and easier.

  • One-Click Access: Log in with a single click instead of typing your credentials.

  • No New Passwords to Remember: You don't have to create or remember a new, unique password just for our service.

Enabling SSO

To manage your SSO settings, navigate to the LSP tab and select 'My Organization,' then proceed to 'Organization Settings.' Within the Organization Parameters section, you will find checkboxes for Google, Microsoft, Basic Login, and Okta. By unchecking any of these options, you can customize the login page to display only the needed authentication methods.

Available SSO options:

  1. Microsoft
  2. Google
  3. Okta

Once you have set up SSO for your organization, your login page will be updated to reflect these changes.

Please note that your email address must be used as your username to enable SSO functionality.

To set your email address as your username, please follow these simple steps:

1. Navigate to the LSP tab in your dashboard.

2. Click on the 'Staff' option to view the list of staff members.

3. Locate the staff member you wish to edit and click on the blue pencil icon located on the far right.

4. In the login field, replace the current username with your email address.

Basic Username and Password Login

Password-based login is available with additional safeguards to minimize security risk. For organizations that prefer a traditional authentication flow, users can still sign in with a unique username and password. This ensures that every user can authenticate, even if they are not connected to Google, Microsoft, Okta, or other third-party identity providers.

Inactive Account Protection

Accounts that have not authenticated for an extended period are protected automatically.

If a user has not logged in for 4 months:

  • The account remains active

  • The user may still appear in assignments and historical records

  • Password-based authentication is disabled

To regain access, the user must re-establish credentials using the password recovery process.

Password Rotation Enforcement

To limit long-term credential reuse, password updates are required under specific conditions.

A password update is required when:

  • Password-based authentication is used

  • The password has not been updated in over 3 months

  • The account is older than 3 months

Newly created accounts are not immediately affected.

Security Awareness Notice

When password-based authentication is used, users may see an informational notice indicating that this method provides limited security protections.

This notice:

  • Does not block access

  • Serves as a reminder of security risk

  • Encourages the use of more secure authentication methods

This authentication method will apply to LSP staff ONLY. It is important to note that customer staff can still use basic authentication to access the front office pages.