{"id":2586,"date":"2022-01-14T13:56:55","date_gmt":"2022-01-14T19:56:55","guid":{"rendered":"https:\/\/www.teamdesk.net\/blog\/?p=2586"},"modified":"2022-01-18T03:01:51","modified_gmt":"2022-01-18T09:01:51","slug":"teamdesk-single-sign-on-improvements","status":"publish","type":"post","link":"https:\/\/www.teamdesk.net\/blog\/whats-new\/teamdesk-single-sign-on-improvements\/","title":{"rendered":"Single Sign-on improvements"},"content":{"rendered":"\n<p>This week we made a couple of small but important improvements related to <a href=\"https:\/\/en.wikipedia.org\/wiki\/Single_sign-on\">SSO<\/a> (Single Sign-on) integration.<\/p>\n\n\n\n<p>Let&#8217;s check what&#8217;s new.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><a href=\"https:\/\/www.teamdesk.net\/blog\/wp-content\/uploads\/2022\/01\/image-1.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.teamdesk.net\/blog\/wp-content\/uploads\/2022\/01\/image-1-1024x1017.png\" alt=\"\" class=\"wp-image-2589\" width=\"512\" height=\"509\" srcset=\"https:\/\/www.teamdesk.net\/blog\/wp-content\/uploads\/2022\/01\/image-1-1024x1017.png 1024w, https:\/\/www.teamdesk.net\/blog\/wp-content\/uploads\/2022\/01\/image-1-300x298.png 300w, https:\/\/www.teamdesk.net\/blog\/wp-content\/uploads\/2022\/01\/image-1-150x150.png 150w, https:\/\/www.teamdesk.net\/blog\/wp-content\/uploads\/2022\/01\/image-1-768x763.png 768w, https:\/\/www.teamdesk.net\/blog\/wp-content\/uploads\/2022\/01\/image-1.png 1188w\" sizes=\"auto, (max-width: 512px) 100vw, 512px\" \/><\/a><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Test Mode<\/h2>\n\n\n\n<p>First, we changed <a href=\"https:\/\/www.teamdesk.net\/help\/14.1.5.aspx\">Single Sign-on<\/a> option from Enabled\/Disabled checkbox to a tri-state radio, adding Test Mode.<\/p>\n\n\n\n<p>When Single Sign-on is enabled all users are routed to Identity Provider (IdP) to complete login process. However setting up the integration is multi-step process. You may need to tweak some options on both TeamDesk and IdP without letting regular login process to break. That&#8217;s where Test Mode kicks in. When Test Mode is selected, regular login process remains intact. But you can make a test run through identity provider by navigating to Login URL link. We recommend to do it in Private\/Incognito browser window for clean results.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Service Provider URLs<\/h2>\n\n\n\n<p>As a part of initial setup both Identity Provider and Service Provider exchange with metadata documents containing all the settings needed for integration. All the IdPs we&#8217;ve seen so far provide their own settings as metadata documents, but some of them are unable to import metadata documents from Service Providers. Usually you have to fill in necessary data in a sort of setup form. To help dealing with such providers we are now displaying bare minimum of information needed to setup the integration. That is Entity ID, Login\/ACS URL, Logout URL and a public key that IdP needs to verify logout request&#8217;s signature. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">IdP Logins<\/h2>\n\n\n\n<p>Last, we added an option to allow IdP-initiated logins. Normally, service provider initiates the <a href=\"https:\/\/www.teamdesk.net\/help\/14.aspx\">login process<\/a> and redirects the user to IdP. Then SP waits for authentication result. However one identity provider can potentially work with many services. Some IdPs present the user with a dashboard where the user selects the service to login to. Here is one that <a href=\"https:\/\/www.okta.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Okta<\/a> displays:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.teamdesk.net\/blog\/wp-content\/uploads\/2022\/01\/image-2.png\" alt=\"Okta Single Sign-on dashboard\" class=\"wp-image-2590\" width=\"499\" height=\"388\" srcset=\"https:\/\/www.teamdesk.net\/blog\/wp-content\/uploads\/2022\/01\/image-2.png 998w, https:\/\/www.teamdesk.net\/blog\/wp-content\/uploads\/2022\/01\/image-2-300x233.png 300w, https:\/\/www.teamdesk.net\/blog\/wp-content\/uploads\/2022\/01\/image-2-768x597.png 768w\" sizes=\"auto, (max-width: 499px) 100vw, 499px\" \/><\/figure>\n\n\n\n<p>However, user&#8217;s convenience is added at the cost of <a href=\"https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/SAML_Security_Cheat_Sheet.html#unsolicited-response-ie-idp-initiated-sso-considerations-for-service-providers\">security<\/a>, so, use with caution.<\/p>\n\n\n\n<p>Next week we&#8217;ll publish a series of articles describing the integration with leading identity providers.<\/p>\n\n\n\n<p>That&#8217;s all for today. Stay tuned.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We made a couple of small but important improvements, including Test Mode, IdP-initiated logins and service provider settings display.<\/p>\n","protected":false},"author":4,"featured_media":2616,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[235,255,252],"class_list":["post-2586","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-whats-new","tag-login","tag-single-sign-on","tag-sso"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Single Sign-on improvements - TeamDesk Blog<\/title>\n<meta name=\"description\" content=\"We made a couple of small but important improvements, including Test Mode, IdP-initiated logins and service provider settings display\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.teamdesk.net\/blog\/whats-new\/teamdesk-single-sign-on-improvements\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Single Sign-on improvements - TeamDesk Blog\" \/>\n<meta property=\"og:description\" content=\"We made a couple of small but important improvements, including Test Mode, IdP-initiated logins and service provider settings display\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.teamdesk.net\/blog\/whats-new\/teamdesk-single-sign-on-improvements\/\" \/>\n<meta property=\"og:site_name\" content=\"TeamDesk Blog\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-14T19:56:55+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-01-18T09:01:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.teamdesk.net\/blog\/wp-content\/uploads\/2022\/01\/Single-Sign-On-image.png\" \/>\n\t<meta property=\"og:image:width\" content=\"870\" \/>\n\t<meta property=\"og:image:height\" content=\"708\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Kirill Bondar\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kirill Bondar\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/whats-new\\\/teamdesk-single-sign-on-improvements\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/whats-new\\\/teamdesk-single-sign-on-improvements\\\/\"},\"author\":{\"name\":\"Kirill Bondar\",\"@id\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/#\\\/schema\\\/person\\\/22c4c05bd657513c8b00122fa364c8d2\"},\"headline\":\"Single Sign-on improvements\",\"datePublished\":\"2022-01-14T19:56:55+00:00\",\"dateModified\":\"2022-01-18T09:01:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/whats-new\\\/teamdesk-single-sign-on-improvements\\\/\"},\"wordCount\":337,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/whats-new\\\/teamdesk-single-sign-on-improvements\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/Single-Sign-On-image.png\",\"keywords\":[\"login\",\"single sign-on\",\"sso\"],\"articleSection\":[\"What's New\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/whats-new\\\/teamdesk-single-sign-on-improvements\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/whats-new\\\/teamdesk-single-sign-on-improvements\\\/\",\"url\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/whats-new\\\/teamdesk-single-sign-on-improvements\\\/\",\"name\":\"Single Sign-on improvements - TeamDesk Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/whats-new\\\/teamdesk-single-sign-on-improvements\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/whats-new\\\/teamdesk-single-sign-on-improvements\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/Single-Sign-On-image.png\",\"datePublished\":\"2022-01-14T19:56:55+00:00\",\"dateModified\":\"2022-01-18T09:01:51+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/#\\\/schema\\\/person\\\/22c4c05bd657513c8b00122fa364c8d2\"},\"description\":\"We made a couple of small but important improvements, including Test Mode, IdP-initiated logins and service provider settings display\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/whats-new\\\/teamdesk-single-sign-on-improvements\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/whats-new\\\/teamdesk-single-sign-on-improvements\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/whats-new\\\/teamdesk-single-sign-on-improvements\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/Single-Sign-On-image.png\",\"contentUrl\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/Single-Sign-On-image.png\",\"width\":870,\"height\":708,\"caption\":\"SSO\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/whats-new\\\/teamdesk-single-sign-on-improvements\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Single Sign-on improvements\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/\",\"name\":\"TeamDesk Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/#\\\/schema\\\/person\\\/22c4c05bd657513c8b00122fa364c8d2\",\"name\":\"Kirill Bondar\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/dc5bc844095b5753ccc73c589c028bf16615674f289668146bbd59205a08a52d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/dc5bc844095b5753ccc73c589c028bf16615674f289668146bbd59205a08a52d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/dc5bc844095b5753ccc73c589c028bf16615674f289668146bbd59205a08a52d?s=96&d=mm&r=g\",\"caption\":\"Kirill Bondar\"},\"url\":\"https:\\\/\\\/www.teamdesk.net\\\/blog\\\/author\\\/kirill-bondar\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Single Sign-on improvements - TeamDesk Blog","description":"We made a couple of small but important improvements, including Test Mode, IdP-initiated logins and service provider settings display","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.teamdesk.net\/blog\/whats-new\/teamdesk-single-sign-on-improvements\/","og_locale":"en_US","og_type":"article","og_title":"Single Sign-on improvements - TeamDesk Blog","og_description":"We made a couple of small but important improvements, including Test Mode, IdP-initiated logins and service provider settings display","og_url":"https:\/\/www.teamdesk.net\/blog\/whats-new\/teamdesk-single-sign-on-improvements\/","og_site_name":"TeamDesk Blog","article_published_time":"2022-01-14T19:56:55+00:00","article_modified_time":"2022-01-18T09:01:51+00:00","og_image":[{"width":870,"height":708,"url":"https:\/\/www.teamdesk.net\/blog\/wp-content\/uploads\/2022\/01\/Single-Sign-On-image.png","type":"image\/png"}],"author":"Kirill Bondar","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kirill Bondar","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.teamdesk.net\/blog\/whats-new\/teamdesk-single-sign-on-improvements\/#article","isPartOf":{"@id":"https:\/\/www.teamdesk.net\/blog\/whats-new\/teamdesk-single-sign-on-improvements\/"},"author":{"name":"Kirill Bondar","@id":"https:\/\/www.teamdesk.net\/blog\/#\/schema\/person\/22c4c05bd657513c8b00122fa364c8d2"},"headline":"Single Sign-on improvements","datePublished":"2022-01-14T19:56:55+00:00","dateModified":"2022-01-18T09:01:51+00:00","mainEntityOfPage":{"@id":"https:\/\/www.teamdesk.net\/blog\/whats-new\/teamdesk-single-sign-on-improvements\/"},"wordCount":337,"commentCount":0,"image":{"@id":"https:\/\/www.teamdesk.net\/blog\/whats-new\/teamdesk-single-sign-on-improvements\/#primaryimage"},"thumbnailUrl":"https:\/\/www.teamdesk.net\/blog\/wp-content\/uploads\/2022\/01\/Single-Sign-On-image.png","keywords":["login","single sign-on","sso"],"articleSection":["What's New"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.teamdesk.net\/blog\/whats-new\/teamdesk-single-sign-on-improvements\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.teamdesk.net\/blog\/whats-new\/teamdesk-single-sign-on-improvements\/","url":"https:\/\/www.teamdesk.net\/blog\/whats-new\/teamdesk-single-sign-on-improvements\/","name":"Single Sign-on improvements - TeamDesk Blog","isPartOf":{"@id":"https:\/\/www.teamdesk.net\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.teamdesk.net\/blog\/whats-new\/teamdesk-single-sign-on-improvements\/#primaryimage"},"image":{"@id":"https:\/\/www.teamdesk.net\/blog\/whats-new\/teamdesk-single-sign-on-improvements\/#primaryimage"},"thumbnailUrl":"https:\/\/www.teamdesk.net\/blog\/wp-content\/uploads\/2022\/01\/Single-Sign-On-image.png","datePublished":"2022-01-14T19:56:55+00:00","dateModified":"2022-01-18T09:01:51+00:00","author":{"@id":"https:\/\/www.teamdesk.net\/blog\/#\/schema\/person\/22c4c05bd657513c8b00122fa364c8d2"},"description":"We made a couple of small but important improvements, including Test Mode, IdP-initiated logins and service provider settings display","breadcrumb":{"@id":"https:\/\/www.teamdesk.net\/blog\/whats-new\/teamdesk-single-sign-on-improvements\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.teamdesk.net\/blog\/whats-new\/teamdesk-single-sign-on-improvements\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.teamdesk.net\/blog\/whats-new\/teamdesk-single-sign-on-improvements\/#primaryimage","url":"https:\/\/www.teamdesk.net\/blog\/wp-content\/uploads\/2022\/01\/Single-Sign-On-image.png","contentUrl":"https:\/\/www.teamdesk.net\/blog\/wp-content\/uploads\/2022\/01\/Single-Sign-On-image.png","width":870,"height":708,"caption":"SSO"},{"@type":"BreadcrumbList","@id":"https:\/\/www.teamdesk.net\/blog\/whats-new\/teamdesk-single-sign-on-improvements\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.teamdesk.net\/blog\/"},{"@type":"ListItem","position":2,"name":"Single Sign-on improvements"}]},{"@type":"WebSite","@id":"https:\/\/www.teamdesk.net\/blog\/#website","url":"https:\/\/www.teamdesk.net\/blog\/","name":"TeamDesk Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.teamdesk.net\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.teamdesk.net\/blog\/#\/schema\/person\/22c4c05bd657513c8b00122fa364c8d2","name":"Kirill Bondar","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/dc5bc844095b5753ccc73c589c028bf16615674f289668146bbd59205a08a52d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/dc5bc844095b5753ccc73c589c028bf16615674f289668146bbd59205a08a52d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/dc5bc844095b5753ccc73c589c028bf16615674f289668146bbd59205a08a52d?s=96&d=mm&r=g","caption":"Kirill Bondar"},"url":"https:\/\/www.teamdesk.net\/blog\/author\/kirill-bondar\/"}]}},"_links":{"self":[{"href":"https:\/\/www.teamdesk.net\/blog\/wp-json\/wp\/v2\/posts\/2586","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.teamdesk.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.teamdesk.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.teamdesk.net\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.teamdesk.net\/blog\/wp-json\/wp\/v2\/comments?post=2586"}],"version-history":[{"count":4,"href":"https:\/\/www.teamdesk.net\/blog\/wp-json\/wp\/v2\/posts\/2586\/revisions"}],"predecessor-version":[{"id":2617,"href":"https:\/\/www.teamdesk.net\/blog\/wp-json\/wp\/v2\/posts\/2586\/revisions\/2617"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.teamdesk.net\/blog\/wp-json\/wp\/v2\/media\/2616"}],"wp:attachment":[{"href":"https:\/\/www.teamdesk.net\/blog\/wp-json\/wp\/v2\/media?parent=2586"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.teamdesk.net\/blog\/wp-json\/wp\/v2\/categories?post=2586"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.teamdesk.net\/blog\/wp-json\/wp\/v2\/tags?post=2586"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}