Single Sign-On (SSO)
In the Enterprise edition you can configure Single Sign-On via SAML 2.0 compatible identity provider (for example, Microsoft Active Directory Federation Services).
To access the SSO settings, go to the Manage Users page and click on the is Single Sign-On button.
Single Sign-On section includes the following options:
| Option | Description |
|---|---|
| Disabled | By default the Disabled option is chosen. |
| Test Mode | When Test Mode is selected, regular login process remains intact. But you can make a test run through identity provider by navigating to Login URL link. We recommend to do it in Private/Incognito browser window for clean results. |
| Enabled for all users | To enable SSO, chose the Enabled for all users option. This way is called Forced Single Sign-on, when all the users are forwarded to the identity provider (IdP) to authenticate |
| Enabled for selected users | This is a mixed mode that allows to mark some users to login via IdP. Others will use regular TeamDesk login process. |
For the Enabled for selected users option you need manage who’s eligible to use IdP. For that you need to go to the Manage Users page, select the users from the list and click Actions > Enable SSO Login.
Please note that SSO Login checkbox appears only in mixed mode. It has no effect in forced mode.
On first attempt to login in mixed mode the user will see the prompt to use either corporate system or regular login/password pair.
Once the user logs in via corporate system successfully, on next login attempt we will forward the user to IdP automatically.
The detailed examples how to configure Single Sign-On (SSO) you can find in TeamDesk blog.