Set Up Teamwork.com SSO with Duo - Teamwork.com Support

✔ Available with the paid Advanced Security add-on

What	Set up single sign-on (SSO) to Teamwork.com by adding a SAML application to your Duo account.
Who	Site admins (in the owner company) can set up and manage the site's SSO.

What	Set up single sign-on (SSO) to Teamwork.com by adding a SAML application to your Duo account.
Who	Site admins (in the owner company) can set up and manage the site's SSO.

Before you start

SSO is included as part of Teamwork.com's paid Advanced Security add-on. You can purchase the add-on in addition to your main Teamwork.com subscription.

Duo SSO setup

Step 1: Create the app

Log in to Duo.
Navigate to the admin panel.
Select Applications.
Click Protect an application.
Search for "Generic SAML Service Provider."
Download the SAML metadata XML. The Duo entity ID is also displayed.
📝 This XML file must be included in your SSO submission request via your Teamwork.com SSO site settings.

Step 2: Configure the app

Navigate to the Service Provider section.

Enter the following values:

Entity ID The trailing slash is required here.
https://YOUR-TEAMWORK-DOMAIN.COM/

ACS URL
https://YOUR-TEAMWORK-DOMAIN.COM/singlesignon/v1/saml/acs

Default RelayState

https://YOUR-TEAMWORK-DOMAIN.COM/launchpad/saml/start

This is optional — it allows users to log in via Duo directly.

Entity ID The trailing slash is required here.
https://YOUR-TEAMWORK-DOMAIN.COM/

ACS URL
https://YOUR-TEAMWORK-DOMAIN.COM/singlesignon/v1/saml/acs

Default RelayState

https://YOUR-TEAMWORK-DOMAIN.COM/launchpad/saml/start

This is optional — it allows users to log in via Duo directly.

Navigate to the SAML Response section.
Use the following:

NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
Signature algorithm: sha256
Signing options: You can select both "Sign response" and "Sign assertion."

Map the attributes you want to pass to Teamwork.com:
Attribute
→
Outgoing
<Email Address>
→
email
<First Name>
→
firstname
<Last Name>
→
lastname
<Username>
→
nameID
Attribute
→
Outgoing
<Email Address>
→
email
<First Name>
→
firstname
<Last Name>
→
lastname
<Username>
→
nameID
Configure the rest of the settings as needed. You may want to set the application's name to "Teamwork."
Save the app settings.

Attribute	→	Outgoing
<Email Address>	→	email
<First Name>	→	firstname
<Last Name>	→	lastname
<Username>	→	nameID

Attribute	→	Outgoing
<Email Address>	→	email
<First Name>	→	firstname
<Last Name>	→	lastname
<Username>	→	nameID

Step 3: Submit an SSO request to Teamwork.com

After configuring your Duo app settings, you must submit an SSO request to Teamwork.com to complete the setup.

Logging in to Teamwork.com

Once your IdP is configured correctly in Duo and your SSO request is submitted and completed, valid users that can access your Teamwork.com installation can log in to your Teamwork.com site with Duo via SSO.