Essential tips to secure your TagoRUN app! [Tip #36 Carolina from Support]

Hey y’all! Carolina from support here!

Today I’m sharing some quick tips to strengthen your TagoRUN security and make sure only authorized people can access your application.

1. Single Sign-On (SSO)

Enabling Single Sign-On (SSO) lets your users log in using their company identity provider (Okta, Auth0, Azure AD, Google Workspace, etc.). It centralizes authentication and improves security and user experience.

How it works:

  • TagoRUN delegates authentication to your chosen IdP.

  • Only users granted access in your IdP can sign in to your RUN app.

Basic setup flow:

  1. In your IdP: Create a SAML app and configure it using TagoRUN’s Entity ID and ACS URL (found in TagoRUN > Security & Protection > SSO).

  2. In TagoRUN: Import the IdP metadata XML back into your RUN settings.

  3. Map attributes (email, name, etc.) in both your IdP and TagoRUN to avoid “missing field” errors.

Once configured, users can log in seamlessly with their corporate credentials.

2. Enable Two-Factor Authentication (2FA)

Add an extra layer of security by requiring a second verification step. In TagoRUN, you can enable 2FA via:

  • Authenticator app (TOTP)

  • SMS

  • Email

Go to Security & Protection → Two-Factor Authentication to turn it on for your users!

Important: 2FA can be made mandatory by enabling the option “Enforce 2FA with enabled methods”.

3. Set Password Policies

Define rules for user passwords to prevent weak credentials. You can enforce:

  • Minimum length

  • Complexity requirements (uppercase, lowercase, numbers, symbols)

  • Password expiration and history

Configure these under Security & Protection → Password Policies.

4. Activate CAPTCHA Protection

Help prevent automated attacks and brute-force login attempts by enabling CAPTCHA. It’s an easy toggle inside Security & Protection → CAPTCHA.

5. Control Session Duration

Manage how long a user stays logged in before requiring re-authentication. Adjust session timeout settings to match your security policies.

Another tip: You can manage your SAML SSO configuration programmatically via the TagoRUN SDK using methods like ssoSAMLInfo and ssoSAMLEdit from the Run resource.

Run into issues? Check your SAML attribute mappings first, and feel free to post your questions below (:

Happy week,