This guide explains how Single Sign-On (SSO) works in Tacklit, what changes it introduces, and what your team should consider when preparing to switch over.
1. What is SSO
Single Sign-On (SSO) lets your team members sign in to Tacklit using the same account they already use within your organisation, such as Microsoft 365, Google Workspace, or Okta.
It provides a simpler, more secure login experience by removing the need for separate Tacklit passwords and by allowing your IT team to control access centrally.
There is no change for clients or patients using your Tacklit-powered portals. This update only affects how your internal team logs in.
2. Two Ways to Use SSO
Tacklit supports two setup options. Your organisation can choose which approach best suits your needs.
Option A: SSO as the Only Way to Sign In
All users log in through your organisation’s SSO provider.
The standard Tacklit email and password login is turned off.
Access, password resets, and security policies are all managed through your SSO system.
Login steps
1. Go to your new login page: {customer}.tacklit.com
2. Select “Sign in with {provider name}”
3. You will be redirected to your organisation’s login screen
4. Once authenticated, you’ll be taken straight into Tacklit
When a user is offboarded or disabled in your SSO provider, they will automatically lose access to Tacklit. There is no need to separately deactivate them in Tacklit.
Option B: SSO as an Additional Option
Users can choose to log in either with SSO or with their existing Tacklit email and password.
This option is useful when you want to introduce SSO gradually or support external users who don’t have your internal login accounts.
Login steps
1. Go to {customer}.tacklit.com
2. Choose “Sign in with {provider name}” or “Sign in with email” Notes
● If SSO is enabled, any user who is added to Tacklit with an email address from the
specific domain must use SSO. Alternative login is only available for users added on
other email accounts e.g. gmail, xcorp etc
3. User Management
Even when SSO is enabled, every user still needs to exist in Tacklit.
This ensures their access level, permissions and role settings are correctly applied.
Administrators can continue to add new users through Team Settings → Add User.
The email address in Tacklit must match the user’s SSO email address.
When a user signs in via SSO for the first time, Tacklit automatically links the two accounts.
If a user hasn’t yet been created in Tacklit, they won’t be able to log in until an administrator adds them.
4. Updated Login URL
Once SSO is active, your team will log in through your dedicated workspace address:
https://{customer}.tacklit.com
This replaces the general login page at au.tacklit.com.
You can bookmark your workspace link or share it internally.
5. Considerations for Switch Over
Before enabling SSO, there are a few things to plan for:
Access management
● Confirm that all users who need Tacklit access are active in your SSO provider and
have matching email addresses.
● When a user is removed or disabled in your SSO system, they will automatically lose access to Tacklit.
● If you keep SSO optional, ensure any remaining Tacklit-only users still have valid email logins.
Testing
● Test a few logins with your IT administrator before rollout.
● Confirm that both SSO and non-SSO users (if applicable) can access the correct
workspace.
Communication
● Let your team know about the new login process and share the updated URL.
● Encourage them to bookmark {customer}.tacklit.com.
Timing
● Plan to make the change outside of core clinic hours if possible, to avoid interruptions.
6. Summary
7. Support
Our team can help your IT administrator configure SSO, exchange metadata, test login flows, and plan your rollout.
Contact [email protected] if you’d like assistance with setup or transition.