Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications.

The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session.

Teamwork products enable SSO via SAML (Security Assertion Markup Language: an XML standard that allows secure web domains to exchange user authentication and authorization data).

Essentially, it removes the need for your users to log into multiple applications in a particular browser session. Once they log in to one application via SSO, it exchanges authentication/authorization data with another service you have SSO set up with and automatically logs the user in.


What Teamwork SSO offers

Teamwork’s SSO offering allows your users to login to the following Teamwork platforms on both Web & Mobile

  • Projects
  • Desk
  • Chat
Note: Single sign-on (SSO) is available only on Enterprise subscriptions.

Teamwork will auto-provision the user if they have never used Teamwork product before, if that user exists in the customers directory service and if they have permission to access Teamwork and therefore verified by Identity Provider (this can be disabled).

Please ensure that your IDP is locked down and can only provision users for your business. The users created by auto-provisioning will be added the the Teamwork site owner Company.

Currently the following is not available with our SSO offering:

  • Helpdocs login
  • Desk Customer Portal
  • Managing user permissions
If you feel that SSO access on our Help Docs, Customer Portal or the ability to manage user permissions would be of use to you, please let our team know on support@teamwork.com so that we can share your thoughts with our developers.


Enabling SSO

Client Configuration

Depending on your provider, please follow the relevant guide below:

If your provider is not listed here, please notify your Enterprise Success Manager and we can review this and help assist you with configuration.

Note: For EU hosted sites you will need to change all references in the above guides of teamwork.com to eu.teamwork.com.

Teamwork Configuration

You will need to download your Identity Provider metadata - an XML file that describes the Identity Provider that you just set up.

Once downloaded, simply share this file with our Security Team via security@teamwork.com and cc your Enterprise Success Manager.

Once received, our security team will enable SSO and the sign in option will be made available on your site.

Login

Once SSO has been enabled by our Security Team, your users will be presented with this sign-in option when attempting to access your Teamwork.com site as seen in the screenshot below:

We offer 3 options of customization to your login page:

  • Dual login (Lead with User/Pass)
  • Dual login (Lead with SSO)
  • SSO Only
If you run into any challenges with your SSO setup, please reach out to our Security Team security@teamwork.com, who will be more than happy to help.