This guide shows you how to configure Okta for Single-Sign-On with Teamup. See also our Okta SCIM integration guide.
Supported features
The Teamup Okta integration allows you to use Service Provider Initiated (SP-Initiated) and Identity Provider Initiated (IdP-Initiated) SSO flows.
Request one or more SSO domain names
Contact Teamup Support (support@teamup.com) to request an SSO domain to be set up for you. An active Enterprise level subscription is required to enable SSO. You can upgrade yourself at any time.
Once you have obtained the SSO domain name, you may proceed with the steps below.
Login to your Okta Admin Dashboard
Login to the Okta Admin and choose Applications > Applications from the sidebar.
Single-Sign-On Configuration
Add the Teamup integration to Okta
Click the Browse App Catalog button in Applications, and search for Teamup to find the Teamup Calendar application. Add the integration by clicking Done here:
Configure the SSO integration on Teamup
Open the Trusted Domains page and edit the domain you want to configure.
Gather the Client ID and Client secret from the Okta integration’s Sign On page (pictured below).
Enter these three pieces of information in the Teamup domain form to configure things as such, taking care to replace italicized text by their respective values:
Issuer: https://{Your Sub-Domain}.okta.com
Client ID: Client ID value from above
Client Secret: Client Secret value from above
Save the parameters and you should now be able to log out of Teamup and log in again via SSO. After entering your email in the login form you will see a “Log in via Single-Sign-On” link below, or be redirected to the SSO login directly depending on your domain configuration.
If you also want to support provisioning via SCIM, you should also click “Edit” on the Okta application and make sure to set “Application username format” to “Email” as seen below, then Save.
Testing Single Sign-On
After you have configured SSO for your domain verify that it works. By default, SSO is configured to be optional. That means that users with existing Teamup accounts can still log in without SSO and new users can still register for a Teamup account without SSO.
Steps to test SSO with your organization’s login:
- Navigate to https://teamup.com/login (make sure you are not logged in).
- On the login form, enter an email address of the domain for which you have enabled SSO. Then click “Continue”.
- The server detects that SSO has been enabled for that domain and offers a link “Login via Single-Sign-On” below the login button.
- Follow the link “Login via Single-Sign-On” and on the next view click “Log in”. If everything is set up correctly, your browser will now be forwarded to the login page of your organization’s identity provider.
- Log in with your organization’s email address and password. If successful, your browser will be forwarded to your Teamup dashboard.
A note for users with existing Teamup accounts: On your first SSO login, your Teamup account will be converted to an SSO account. It will not be possible anymore to log in with your Teamup password.