The Teamwork Cloud authentication server can be integrated with a third-party Identity Provider that supports the SAML v2.0 protocol. In this integration, the authentication server acts as a Service Provider. Integration with the SAML v2.0 Identity Provider allows users from the Identity Provider to authenticate.
Before integration:
- Install and configure the SAML v2.0 Identity Provider if you do not already have it.
- Make sure that the SAML v2.0 Identity Provider uses stateful sessions.
- Configure the Identity Provider to map the appropriate user attribute to the SAML Name ID (for example, add urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName=uid to the mapping).
Successful authentication requires one of the following:
To integrate with the SAML v2.0-based Identity Provider
- Export the SAML v2.0 Identity Provider metadata so you can upload it when configuring the SAML integration (the next step).
- In the SAML page of the Settings application, configure the authentication server for SAML integration.
- Download the Service Provider metadata in one of the following ways:
  - In the Settings application, select SAML, open the Service provider metadata tab, and click the Download metadata button.
  - In a web browser, go to https://<auth-server-host>:<auth-server-port>/authentication/saml2/metadata.
- Register a remote Service Provider in a third-party product and provide the Service Provider metadata downloaded in the previous step.
If needed, fill in the attribute mapping in the registered Service Provider. You can select the Identity Provider's user attribute and map it to the Teamwork Cloud user attribute. Currently, Teamwork Cloud supports the following attribute names: name, email, mobile, department.
The values of mapped attributes can be saved in Teamwork Cloud only if a new Teamwork Cloud user is created automatically after the first successful authentication. Attributes are not updated after subsequent successful authentications.
- Optionally, test SAML authentication by doing the following:
  - Open the Settings application and select SAML to open the SAML configuration page.
  - In the Test authentication tab, click the Test SAML authentication button.
  - On the authentication page, click the SAML authentication button and sign in.
If you sign in successfully, the SAML integration is complete, and users should be able to sign in to the server via the SAML v2.0 Identity Provider.