Tailed Docs

Appearance

Authentication & SSO

Who is this for? HR managers and IT administrators setting up or managing team access.
This guide covers how your team logs in, single sign-on options, team roles, and what happens when someone leaves.

How login works by default

Tailed uses passwordless login (also called "magic link"). When someone signs in:

  1. They enter their work email on the login page.
  2. Tailed sends them a secure link by email.
  3. They click the link — they're in. No password to forget or reset.

Sessions stay active for 7 days. After that, or when signing out, they'll need a new magic link.

Single Sign-On (SSO)

If your organization uses Microsoft (Entra ID / Azure AD) or Google Workspace, you can enable SSO so your team logs into Tailed using the same company credentials they use for everything else.

Benefits of SSO

  • One less password — your team uses their existing company login.
  • Automatic access removal — when you deactivate someone in Microsoft or Google, their Tailed access is also removed automatically.
  • Centralized control — your IT team manages who has access, not each app individually.

How to enable SSO

Note: SSO setup requires IT administrator access to your company's Microsoft Entra or Google Workspace account.

For Microsoft (Entra ID / Azure AD):

  1. In Tailed, go to Settings → Authentication → Enable SSO.
  2. Select Microsoft Entra ID.
  3. Follow the on-screen instructions — you'll be given a provisioning URL and a set of attribute mappings to enter in your Microsoft Admin Center.
  4. Once configured, your team can sign in with their Microsoft account at app.tailed.ca.

For Google Workspace:

  1. In Tailed, go to Settings → Authentication → Enable SSO.
  2. Select Google Workspace.
  3. Follow the setup steps — your Google Admin will need to authorize Tailed in the Google Admin Console.
  4. Once configured, your team can sign in with Sign in with Google.

Need help? Email support@tailed.ca and our team will walk you through the setup.

Team roles

Every member of your Tailed organization has one of these four roles:

RoleDescription
OwnerFull control — manages billing, org settings, SSO, and all team members. There is always exactly one Owner.
AdminCan manage candidates, jobs, applications, and invite/remove team members. Cannot access billing.
RecruiterCan add candidates, update applications, and view job postings. Cannot manage team members or settings.
ViewerCan browse candidates, jobs, and applications but cannot make any changes.

Changing someone's role

  1. Go to Settings → Team Members.
  2. Find the person and click the role dropdown next to their name.
  3. Select the new role — the change takes effect immediately.

Transferring ownership

Only the Owner can transfer ownership to another Admin:

  1. Go to Settings → Team Members.
  2. Click the three-dot menu next to the Admin's name.
  3. Select Transfer ownership and confirm.

Automatic de-provisioning (SSO only)

When SSO is enabled and connected to Microsoft or Google, Tailed supports automatic de-provisioning. This means:

  • When your IT team deactivates or removes someone from Microsoft Entra or Google Workspace, Tailed automatically suspends their account.
  • Their active sessions are immediately invalidated — they cannot continue to use Tailed.
  • Their data (notes, history) is retained so your records stay complete, but they can no longer log in.
  • Billing adjusts automatically — suspended users are not counted as active seats.

⚠️ Important: The organization Owner cannot be suspended via automatic de-provisioning. Transfer ownership to another member before deactivating an Owner in your identity provider.

Revoking access manually

To immediately remove someone's access (without SSO):

  1. Go to Settings → Team Members.
  2. Click the three-dot menu next to their name.
  3. Select Remove member.

Their account is suspended instantly. Their data is retained.

Frequently asked questions

Can someone be a member of more than one organization?
Yes. Team members can belong to multiple Tailed organizations (e.g. if your company has separate org units). They switch between organizations using the org switcher at the top of the dashboard.

What happens to data when a recruiter leaves?
Their notes, actions, and history remain in Tailed — they belong to the organization, not the individual. No data is lost.

Can I restrict which domains can sign up?
Yes. Go to Settings → Authentication → Allowed domains and add your company domain (e.g. acmecorp.com). Only users with that email domain will be able to join your organization.

Last updated: March 2026