Let’s see how to enable Single Sign-on with OneLogin and TeamDesk.
Single Sign-on functionality in TeamDesk is available in Enterprise editions running either on TeamDesk subdomains or custom domain names. In this guide we’ll be referring to our test subdomain, enterprise.teamdesk.net. While setting up, please substitute enterprise.teamdesk.net with your own domain/subdomain name.
Ready to go?
Set up single sign-on in TeamDesk
First, in TeamDesk navigate to My Domain | All Users | Single Sign-on, switch to Test Mode and click the Update button. A new section, Service Provider, will appear. Save the Public Key as a file.
Keep the Service Provider settings on display; we’ll need this information later.
Set up single sign-on in OneLogin
Navigate to the OneLogin administration console, select Applications from the top menu and click the Add App button. Search for and add SAML Custom Connector (Advanced). Name the app, say TeamDesk SSO, and add an icon if you wish. Save, and let’s configure the SAML-related options.
Now, select SAML Metadata from the More Actions dropdown in the app setup header.
The browser will prompt you to download the file. Open the saved file with a text editor. Then, switch back to TeamDesk. Paste the file’s content into the Identity Provider’s Metadata XML text box. Click the Update button.
Then, copy the information from TeamDesk’s Service Provider section to the fields on the Configuration tab.
- Copy Entity ID to Audience (EntityID) and Recipient fields.
- Then copy Login URL to ACS (Consumer) URL and Login URL fields.
- Next, copy Login URL to the ACS (Consumer) URL Validator field. Add a caret sign (^) at the beginning and a dollar sign ($) at the end, and prefix each dot (.) with a backslash (\). You’ll end up with:
^https://enterprise\.teamdesk\.net/secure/sso/login\.ashx$
- Copy Logout URL into Single Logout URL.
- Set SAML initiator to Service Provider.
- Set SAML signature element to Both.
- Check Sign SLO Request and Sign SLO Response boxes.
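Why the caret, dollar sign and escaped dots in the ACS (Consumer) URL Validator matter, shown as an added example that is not part of the original guide or of OneLogin's or TeamDesk's own code: it builds the pattern exactly as the step above describes and compares it with two looser variants. It assumes the validator behaves like an unanchored regular-expression search (modelled here with Python's `re.search`); every sample URL other than the Login URL is constructed.

```python
import re

# Login URL from TeamDesk's Service Provider section (test subdomain used in this guide).
LOGIN_URL = "https://enterprise.teamdesk.net/secure/sso/login.ashx"


def acs_validator(login_url: str) -> str:
    """Build the validator as described: ^ at the start, $ at the end, dots escaped."""
    return "^" + login_url.replace(".", r"\.") + "$"


STRICT = acs_validator(LOGIN_URL)
UNESCAPED = "^" + LOGIN_URL + "$"               # anchors kept, dots left as wildcards
UNANCHORED = LOGIN_URL.replace(".", r"\.")      # dots escaped, anchors omitted

# Constructed sample ACS URLs (hypothetical hosts under reserved test names).
CANDIDATES = [
    LOGIN_URL,
    # "." as a wildcard lets a different host name through.
    "https://enterpriseXteamdesk.net/secure/sso/login.ashx",
    # Without "$", extra text after the expected URL is accepted.
    "https://enterprise.teamdesk.net/secure/sso/login.ashx.example.test/",
    # Without "^", the expected URL may sit inside another URL.
    "https://idp.example.test/?next=https://enterprise.teamdesk.net/secure/sso/login.ashx",
]


def accepted(pattern: str, urls: list[str]) -> list[str]:
    """Return the URLs a validator using `pattern` would let through."""
    rx = re.compile(pattern)
    # re.search models a matcher that does not anchor implicitly (assumption).
    return [u for u in urls if rx.search(u)]


if __name__ == "__main__":
    for name, pattern in [("strict", STRICT),
                          ("unescaped dots", UNESCAPED),
                          ("no anchors", UNANCHORED)]:
        print(f"{name}: {pattern}")
        for url in accepted(pattern, CANDIDATES):
            print(f"  accepts {url}")
```

Only the fully anchored and escaped pattern limits the ACS URL to the single TeamDesk endpoint; substitute your own Login URL when you run it against a custom domain.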
Finally, switch back to OneLogin and, on the Users tab, add users to the app.
Save the changes and you are ready to go.