Single Sign-on functionality in TeamDesk is available in Enterprise editions running either on TeamDesk subdomains or custom domain names. In this guide we’ll be referring to our test subdomain, enterprise.teamdesk.net. While setting up, please substitute enterprise.teamdesk.net with your own domain/subdomain name.
Ready to go?
Set up single sign-on in TeamDesk
First, in TeamDesk navigate to My Domain | All Users | Single Sign-on, switch to Test Mode and click the Update button. A new section, Service Provider, will appear. Save the content of the Metadata XML link as a file.
Do not close the TeamDesk page; we’ll return to it later.
Set up single sign-on in Azure AD
Now navigate to your Azure Active Directory | Enterprise Applications, click New Application, add Azure AD SAML Toolkit, and give it a name, say, TeamDesk SSO. Navigate to the newly installed app.
From the left-side menu, select Users and Groups and add your user account to the app (assuming your Azure AD account’s email address matches the one you use in TeamDesk).
Now, from the left-side menu select Single Sign-on, and then select SAML.
- Upload the metadata file saved from TeamDesk and copy the content of the Reply URL field to the Sign on URL field, or configure step 1 manually.
- At step 2, set the value of Unique User Identifier (Name ID) to user.mail.
- At step 3, download the file from Federation Metadata XML.
Now switch back to TeamDesk and paste the file’s content into the Identity Provider’s Metadata XML text box. Also, to simplify testing, you may want to check the Allow IdP-initiated logins box. Then click the Update button.
Now you are ready to test.
If you have enabled IdP-initiated logins, you can switch back to the Azure app’s settings, scroll down to step 5 and click the Test button. Or, to test logins from the TeamDesk side, navigate to the Login URL (Sign on URL in Azure AD terms) link in a new Incognito/Private browser window. Once the test run succeeds, finish setting up your Azure AD app by adding users and groups. Then enable SSO for all users in TeamDesk.
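Before uploading the Service Provider metadata file to Azure AD, it helps to confirm that the Reply URL inside it points at your own domain over HTTPS. The following is an added example, not TeamDesk or Microsoft code; the function name is hypothetical, and the sample metadata, its entityID and its URL paths are constructed placeholders rather than TeamDesk's real values.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample of a service-provider metadata file.
# The entityID and the URL paths are placeholders, not TeamDesk's real values.
SAMPLE_SP = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://enterprise.teamdesk.net/placeholder-entity">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://enterprise.teamdesk.net/placeholder-acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, expected_host):
    """Return (entity_id, reply_urls, problems) for service-provider metadata."""
    # SAML metadata never needs a DTD; refuse it rather than let the parser expand entities.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    problems = []
    entity_id = root.get("entityID")
    if not entity_id:
        problems.append("missing entityID")
    # AssertionConsumerService Location is what Azure AD shows as the Reply URL.
    urls = [acs.get("Location", "") for acs in
            root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)]
    if not urls:
        problems.append("no AssertionConsumerService (Reply URL) found")
    for url in urls:
        parts = urlparse(url)
        if parts.scheme != "https":
            problems.append(f"Reply URL is not https: {url}")
        if parts.hostname != expected_host:
            problems.append(f"Reply URL host {parts.hostname!r} is not {expected_host!r}")
    return entity_id, urls, problems


if __name__ == "__main__":
    entity_id, urls, problems = check_sp_metadata(SAMPLE_SP, "enterprise.teamdesk.net")
    print("entityID:", entity_id)
    print("Reply URLs:", urls)
    print("Problems:", problems or "none")
```

To check your own file, read its contents into a string and pass your domain or subdomain as `expected_host`.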