With all Teamwork products, you can let your users sign in to your site through Okta by adding a SAML Application to your Okta account.

Note: Teamwork’s SSO offering is part of the paid Advanced Security add-on which you can purchase in addition to your Teamwork subscription.

Creating the app

From the Applications screen of your Okta admin console, click Add Applications.

On the next page, choose Create New App.

In the following dialogue select Web as the Platform, and choose SAML 2.0 as the sign-on method.

Give your app a name, such as "Teamwork SSO". If you would like to add the Teamwork logo for your users, you can download it from the Teamwork press media kit.

Note: You will have to scale down the image to follow Okta's maximum image size limit.

Configuring the App

To configure your SAML app, you will need to know whether your Teamwork site is hosted in our US or EU region.

Default Relay State

The Default Relay State will allow users to click on a link in their Okta dashboard and be automatically logged into your Teamwork account.

In order to enter a Default Relay State, you will need your Okta externalID and your teamwork.com domain.

  • For the US, the URL will use the format:
    • https://teamwork.com/samlauth/login/?idp=http://www.okta.com/{Your Okta ExternalId}&retURL=https://{Your Teamwork Installation Domain}/launchpad/saml/auth
  • For the EU, the URL will use the format:
    • https://eu.teamwork.com/samlauth/login/?idp=http://www.okta.com/{Your Okta ExternalId}&retURL=https://{Your Teamwork Installation Domain}/launchpad/saml/auth

Please replace {Your Okta ExternalId} and {Your Teamwork Installation Domain} with the appropriate values.
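A way to build the Default Relay State from the formats above and check it before pasting it into Okta, as an added example that is not part of the original Teamwork documentation. The function names and the sample ExternalId and domain are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Hosts and paths copied from the US and EU formats above.
REGION_HOSTS = {"US": "teamwork.com", "EU": "eu.teamwork.com"}
LOGIN_PATH = "/samlauth/login/"
RETURN_PATH = "/launchpad/saml/auth"
IDP_PREFIX = "http://www.okta.com/"


def build_relay_state(region, external_id, site_domain):
    """Fill in the documented format for the given region."""
    return ("https://" + REGION_HOSTS[region] + LOGIN_PATH
            + "?idp=" + IDP_PREFIX + external_id
            + "&retURL=https://" + site_domain + RETURN_PATH)


def check_relay_state(url, region, site_domain):
    """Return a list of problems found in a Default Relay State URL."""
    if "{" in url or "}" in url:
        return ["placeholder not replaced"]
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != REGION_HOSTS[region]:
        problems.append("login URL is not https://%s" % REGION_HOSTS[region])
    if parts.path != LOGIN_PATH:
        problems.append("login path is not " + LOGIN_PATH)
    query = parse_qs(parts.query)
    idp = query.get("idp", [])
    ret = query.get("retURL", [])
    if len(idp) != 1 or not idp[0].startswith(IDP_PREFIX) or idp[0] == IDP_PREFIX:
        problems.append("idp is not " + IDP_PREFIX + "<ExternalId>")
    if len(ret) != 1:
        return problems + ["retURL must appear exactly once"]
    target = urlsplit(ret[0])
    if target.scheme != "https":
        problems.append("retURL is not https")
    if target.hostname != site_domain.lower():
        problems.append("retURL host is not " + site_domain)
    if target.path != RETURN_PATH or target.query:
        problems.append("retURL path is not " + RETURN_PATH)
    return problems


# Constructed sample values, not real identifiers.
SAMPLE_ID = "EXAMPLEEXTERNALID"
SAMPLE_DOMAIN = "acme.teamwork.com"

if __name__ == "__main__":
    good = build_relay_state("EU", SAMPLE_ID, SAMPLE_DOMAIN)
    print(good, check_relay_state(good, "EU", SAMPLE_DOMAIN))
```

An empty list means the URL matches the documented format for that region and returns the user to your own installation domain over https.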

Select Transient for the Name ID format, and choose Email for the Okta username.

The final stage of configuring your SAML application is to add three Attribute statements:
  • The first one will be named email and mapped to the user.email value
  • The second will be named firstname and mapped to the user.firstName value
  • The last will be named lastname and mapped to the user.lastName value

The third page is simply an Okta feedback survey. You can fill this out however you would prefer.

Enabling SSO on Teamwork

After you press Finish, you will have configured your SAML application, and you will be taken to the Sign-on tab of the application page.

You will need to download your Identity Provider metadata, an XML file that describes the Identity Provider that you just set up, and upload it to Teamwork.

Click the Identity Provider metadata link in order to download the metadata and include it in your SSO submission request via your Teamwork SSO site settings.

For more information, see: Single Sign-on (SSO) Overview