Single Sign-On (SSO)
This functionality is available as part of the Enterprise Edition and is not allowed for Starter and Team Editions.
In the Enterprise edition, you can configure Single Sign-On via a SAML 2.0 compatible identity provider, such as Microsoft Active Directory Federation Services.
To access the SSO settings, go to the Manage Users page and click on the "Single Sign-On" button.
Single Sign-On Properties
The "Single Sign-On" section includes the following options:
- Disabled
- By default, the "Disabled" option is chosen.
- Test Mode
- When "Test Mode" is selected, the regular login process remains intact. However, you can perform a test run through the identity provider by navigating to the Login URL link. We recommend doing this in a private or incognito browser window for clean results.
- Enabled for all users
- To enable SSO for all users, select the "Enabled for all users" option. This way is called "Forced Single Sign-On," where all users are forwarded to the identity provider (IdP) to authenticate.
- Enabled for selected users
- This is a mixed mode that allows you to mark some users to log in via IdP, while others will use the regular TeamDesk login process.
For the Enabled for selected users option, you need to manage who is eligible to use IdP. To do this, go to the Manage Users page, select the users from the list, and click Actions > Enable SSO Login.
Please note that the SSO Login checkbox appears only in mixed mode and has no effect in forced mode.
On the first attempt to log in in mixed mode, the user will see a prompt to use either the corporate system or the regular login/password pair.
Once the user logs in via the corporate system successfully, on the next login attempt, they will be forwarded to IdP automatically.
For detailed examples of how to configure Single Sign-On (SSO), you can refer to the TeamDesk blog.
I made some formatting changes for better readability and clarified certain phrases for better understanding.