Single Sign-On enables your company to authenticate to your Together Organization through your company’s existing Identity Provider (IdP) when configured for SSO. Instead of managing separate credentials, Members sign in with the same account they use for everything else at your company.Documentation Index
Fetch the complete documentation index at: https://docs.together.ai/llms.txt
Use this file to discover all available pages before exploring further.
SSO is available for Scale and Enterprise accounts. Contact sales to upgrade.
Supported Providers
Together supports SSO via SAML and OIDC protocols with these Identity Providers:- Google Workspace
- Okta
- Microsoft Entra (Azure AD)
- JumpCloud
| Provider | Protocol | Setup Guide |
|---|---|---|
| Most IdPs | SAML | SAML setup guide |
| Most IdPs | OIDC | OIDC setup guide |
| Okta | SAML | Okta SAML setup guide |
| Okta | OIDC | Okta OIDC setup guide |
| Google Workspace | SAML | Google Workspace SAML setup guide |
| Microsoft Entra | SAML | Microsoft Entra SAML setup guide |
| Microsoft Entra | OIDC | Microsoft Entra OIDC setup guide |
What SSO Enables
- Automated provisioning. Members are added to your organization automatically when they authenticate through your IdP.
- Centralized offboarding. Deactivate a user in your IdP and their Together access is revoked.
- Shared resources. SSO members can collaborate on fine-tuned models, inference analytics, clusters, and billing within their projects.
- Audit trail. Individual authentication means you can track who did what.
Setting Up SSO
Contact support or your Account Executive with:- Your company’s legal name
- The email domain(s) to associate (e.g.,
@yourcompany.com) - Which Identity Provider you use
- The email address of the initial account owner
Migrating from Legacy Enterprise Sign-On
If your team currently uses a shared username/password enterprise account, we recommend migrating to SSO. Shared credential accounts will be deprecated in the coming months. Benefits of migrating:- Individual accountability (each person has their own login)
- Automated onboarding/offboarding through your IdP
- Stronger security (no shared passwords)
- Access to role-based permissions and multi-project support
Session Management
Together manages its own session timeouts independently from your IdP’s default settings. Session duration and re-authentication requirements are configured on the Together side.FAQs
Can I use SSO and email invitations together?
Can I use SSO and email invitations together?
No. Organizations use either SSO or invitation-based membership, not both. If SSO is enabled, all members authenticate through your IdP.
What happens to existing members when I enable SSO?
What happens to existing members when I enable SSO?
Existing members will need to re-authenticate through your IdP on their next login. Their resources and project membership are preserved.
Can I configure SSO myself?
Can I configure SSO myself?
Not yet. Self-service SSO configuration is on our roadmap. For now, our team handles setup.
What’s Coming
- Spend controls per member or project
- Self-service SSO configuration
- SCIM provisioning for automated group and role sync
Related
Together's IAM Model
How users, credentials, and resources fit together
Organizations
Manage your org and membership
Roles & Permissions
What Admins and Members can do