1. Home
  2. Microsoft Azure Entra ID SSO: OIDC and SCIM Integration

Microsoft Azure Entra ID SSO: OIDC and SCIM Integration

This guide shows you how to configure Azure Entra ID (formerly Azure Active Directory or Azure AD) for Single-Sign-On with Teamup.

Request one or more SSO domain names

Contact Teamup Support (support@teamup.com) to request an SSO domain to be set up for you. Once we create it for you you may proceed with the steps below.

Login to your Microsoft account

Login to Microsoft Azure and choose Microsoft Entra ID from the home screen.

Single-Sign-On Configuration

Add a new application registration

Find the menu below in quick actions, or navigate to App registrations > New registration

Enter your Application Name (e.g. ‘Teamup – My Organization Name‘). Select Accounts in this organizational directory only (MSFT only – Single tenant), then select Web for the Redirect URI and enter https://teamup.com/oidc/authenticate in the field next to Web type.

Generate a client secret

Navigate to Certificates & secrets > New client secret to create a client secret.

 

IMPORTANT: Copy the Value of the secret right after creation as it will not be visible anymore later on.

Configure the SSO integration on Teamup

Open the Trusted Domains page and edit the domain you want to configure.

Gather the secret value from the previous step, as well as the Application (client) ID and Directory (tenant) ID from the Overview page (pictured below).

Enter these three pieces of information in the form to configure things as such, taking care to replace italicized text by their respective values:

Issuer: https://login.microsoftonline.com/{Directory (tenant) ID}/v2.0

Client ID: Application (client) ID

Client Secret: secret value from above

Save the parameters and you should now be able to log out of Teamup and log in again via SSO. After entering your email in the login form you will see a “Log in via Single-Sign-On” link below, or be redirected to the SSO login directly depending on your domain configuration.

User and group provisioning via SCIM

[TODO create an SCIM secret via your Trusted Domain page]

Login to Microsoft Azure and choose Microsoft Entra ID from the home screen.

Add a new Enterprise application

Find the menu below in quick actions, or navigate to Enterprise applications > New application

Select “+ Create your own application” on top and enter your Application Name (e.g. ‘Teamup SCIM‘). Select Integrate any other application you don’t find in the gallery (Non-gallery) then Create it.

Configure provisioning

Go to Provisioning in the sidebar and then Get Started.

Select Automatic as provisioning mode, enter “https://teamup.com/scim/v2/” as Tenant URL, and then the secret you got from Teamup as Secret Token. You can then test the connection and save it if all is well. Provisioning users and groups to Teamup should now be fully set up.

Updated on December 13, 2023
WordPress Cookie Notice by Real Cookie Banner