Let’s see how to enable Single Sign-on with Auth0 and TeamDesk.

Single Sign-on functionality in TeamDesk is available in Enterprise editions running either on TeamDesk subdomains or custom domain names. In this guide we’ll be referring to our test subdomain, enterprise.teamdesk.net. While setting up, please replace enterprise.teamdesk.net with your own domain/subdomain name.

Ready to go?

Set up single sign-on in TeamDesk

First, in TeamDesk navigate to My Domain | All Users | Single Sign-on, switch to Test Mode and click the Update button. A new section, Service Provider, will appear. Save the Public Key as a file.

TeamDesk Single Sign-on settings page

Keep the Service Provider settings on display; we’ll need this information later.

Set up single sign-on in Auth0

Go to Dashboard > Applications > Applications and either create a new application or click the name of an application to configure. Select the Addons tab. Enable the SAML2 Web App toggle.

From the Usage tab, download the file from the Identity Provider Metadata Download link. Open the saved file with a text editor. Then switch back to TeamDesk. Paste the file’s content into the Identity Provider’s Metadata XML text box. Click the Update button.

On the Settings tab:

Copy the Login URL from TeamDesk’s Service Provider section into the Application Callback URL text box.

Unlike other identity providers, Auth0 has no classic UI for setting up the parameters. Instead, it uses a single Settings text box where the parameters are configured in JSON format.

Below is a minimal configuration that works.

{
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ],
  "logout": {
    "callback": "https://enterprise.teamdesk.net/secure/sso/logout.ashx"
  }
}

Please do not forget to replace enterprise.teamdesk.net with your domain name.

Scroll down to the bottom, save the changes and you are ready to go.
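Before saving, the Settings JSON can be checked for the mistake this guide warns about (the test subdomain left in the logout callback) and for a non-HTTPS or misplaced callback. The script below is an added example, not part of the original guide or of Auth0/TeamDesk tooling; the function name check_settings and the domain crm.example.com are assumptions, and the expected values simply mirror the minimal configuration above.

```python
import json
from urllib.parse import urlsplit

EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
LOGOUT_PATH = "/secure/sso/logout.ashx"
GUIDE_DOMAIN = "enterprise.teamdesk.net"  # the guide's test subdomain


def check_settings(settings_json, my_domain):
    """Return a list of problems in the SAML2 Web App addon Settings JSON."""
    try:
        cfg = json.loads(settings_json)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    problems = []
    if cfg.get("nameIdentifierFormat") != EMAIL_FORMAT:
        problems.append("nameIdentifierFormat is not the emailAddress format")
    probes = cfg.get("nameIdentifierProbes")
    if not isinstance(probes, list) or EMAIL_CLAIM not in probes:
        problems.append("nameIdentifierProbes lacks the emailaddress claim")
    logout = cfg.get("logout")
    callback = logout.get("callback") if isinstance(logout, dict) else None
    if not isinstance(callback, str):
        return problems + ["logout.callback is missing"]
    try:
        url = urlsplit(callback)
    except ValueError:
        return problems + ["logout.callback is not a parseable URL"]
    host = (url.hostname or "").lower()
    if url.scheme != "https":
        problems.append("logout.callback is not an https URL")
    if host != my_domain.lower():
        hint = " (guide's test subdomain left in)" if host == GUIDE_DOMAIN else ""
        problems.append(f"logout.callback host is {host!r}, expected {my_domain!r}{hint}")
    if url.path != LOGOUT_PATH:
        problems.append(f"logout.callback path is not {LOGOUT_PATH}")
    return problems


# Constructed samples; "crm.example.com" is a made-up domain standing in for yours.
AS_IN_GUIDE = json.dumps({
    "nameIdentifierFormat": EMAIL_FORMAT,
    "nameIdentifierProbes": [EMAIL_CLAIM],
    "logout": {"callback": f"https://{GUIDE_DOMAIN}{LOGOUT_PATH}"},
})
FIXED = AS_IN_GUIDE.replace(GUIDE_DOMAIN, "crm.example.com")
```

Calling check_settings(AS_IN_GUIDE, "crm.example.com") returns a single finding about the callback host, while check_settings(FIXED, "crm.example.com") returns an empty list.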
