Single Sign-On (SSO)

In the Enterprise edition you can configure Single Sign-On via SAML 2.0 compatible identity provider (for example, Microsoft Active Directory Federation Services).

To access the SSO settings, go to the Manage Users page and click on the is Single Sign-On button.

Graphical user interface, application  Description automatically generated

Single Sign-On section includes the following options:

Graphical user interface, text, application  Description automatically generated

Option Description
Disabled By default the Disabled option is chosen.
Test Mode When Test Mode is selected, regular login process remains intact. But you can make a test run through identity provider by navigating to Login URL link. We recommend to do it in Private/Incognito browser window for clean results.
Enabled for all users To enable SSO, chose the Enabled for all users option. This way is called Forced Single Sign-on, when all the users are forwarded to the identity provider (IdP) to authenticate
Enabled for selected users This is a mixed mode that allows to mark some users to login via IdP. Others will use regular TeamDesk login process.

For the Enabled for selected users option you need manage who’s eligible to use IdP. For that you need to go to the Manage Users page, select the users from the list and click Actions > Enable SSO Login.

Please note that SSO Login checkbox appears only in mixed mode. It has no effect in forced mode.

Graphical user interface, website  Description automatically generated

On first attempt to login in mixed mode the user will see the prompt to use either corporate system or regular login/password pair.

Once the user logs in via corporate system successfully, on next login attempt we will forward the user to IdP automatically.

Graphical user interface, text, application, chat or text message  Description automatically generated

The detailed examples how to configure Single Sign-On (SSO) you can find in TeamDesk blog.