With all Teamwork products, your users can sign into your site by adding a SAML Application to your Okta account.
Note: Teamwork’s SSO offering is part of the paid Advanced Security add-on which you can purchase in addition to your Teamwork subscription.
Creating the app
From the Applications screen of your Okta admin console, click Add Applications.
On the next page, choose Create New App.
In the following dialogue select Web as the Platform, and choose SAML 2.0 as the sign-on method.
Give your app a name, such as "Teamwork SSO" for instance. If you would like to add the Teamwork logo for your users, you can download it from the Teamwork press media kit.
Note: You will have to scale down the image to follow Okta's maximum image size limit.
Configuring the App
In step 2: Configure SAML, enter this info in the SAML Settings:
- Single sign on URL: https://YOURINSTALLATION.teamwork.com/singlesignon/v1/saml/acs
- Audience URI: https://YOURINSTALLATION.teamwork.com/ (the trailing slash is important here)
- Default RelayState: https://YOURINSTALLATION.teamwork.com/launchpad/saml/start
- (optional - will allow users to log in via the teamwork tile in Okta directly)
- Name ID format: Transient
- Application username: Email
- Attribute Statements:
| Name|| Value|
Subsitute "YOURINSTALLATION" with the subdomain of your installation.
Your configuration should look similar to this:
The third step (Feedback) is simply an Okta feedback survey. You can fill this out however you would prefer.
Enabling SSO on Teamwork
After you press Finish, you will have configured your SAML application, and you will be taken to the Sign-on tab of the application page.
Click the "View SAML setup instructions" button on the bottom right of this page.
Copy the IDP Metadata at the bottom of the page:
This is the content of an XML file that you must include in your SSO submission request via your Teamwork SSO site settings.
For more information, see: Single Sign-on (SSO) Overview