1. Home
  2. Single Sign-On with Google Workspace: OIDC Integration

Single Sign-On with Google Workspace: OIDC Integration

Single sign-on (SSO) is an authentication method that allows users to access multiple apps, systems, and tools with a single set of credentials. It’s a way to streamline the authentication process while utilizing an organization’s enterprise security infrastructure.

If your organization requires SSO and would like to add Teamup to your list of SSO-enabled applications, this is the right place to get started.

We currently support Google Workspace accounts with SCIM integration. This guide shows you how to configure Google Workspace for Single-Sign-On with Teamup (public beta).

Request one or more SSO domain names

Contact Teamup Support (support@teamup.com) to request an SSO domain to be set up for you. An active Enterprise level subscription is required to enable SSO. You can upgrade yourself at any time.

Once you have obtained the SSO domain name, you may proceed with the steps below.

Login to the Google Cloud Console

Login to Google Cloud Console, create a new project for the Teamup integration, then choose APIs & Services > Credentials from the home screen.

Single-Sign-On Configuration

Add a new OAuth client configuration

Find the menu above, and choose + Create Credentials > OAuth client ID

Select Web application as Application type. Enter your application Name (e.g. ‘Teamup – My Organization Name‘). Finally, add an Authorized redirect URIs and enter https://teamup.com/oidc/authenticate

 

Press CREATE to finalize the application and copy the Client ID as well as Client secret which you will need in the next step.

Configure the SSO integration on Teamup

Open the Trusted Domains page and edit the domain you want to configure.

Enter these three pieces of information in the form to configure things as such, taking care to replace italicized text by their respective values:

Issuer: https://accounts.google.com

Client ID: client ID from the last step

Client Secret: secret value from the last step

Save the parameters and you should now be able to log out of Teamup and log in again via SSO. After entering your email in the login form you will see a “Log in via Single-Sign-On” link below, or be redirected to the SSO login directly depending on your domain configuration.

Configure the Google login screen

Back in the Google Cloud Console, open the OAuth consent screen from the left side menu to configure the screen people will see when they log in.

For User Type you should first choose Internal to ensure that Google imposes no restrictions on the amount of users login in through the integration. Then Create the consent screen, configure the App name and copy the logo below if you like.

Make sure to add teamup.com to the Authorized domains. You can then save and continue, the Scopes and further screens do not need any configuration.

Testing Single Sign-On

After you have configured SSO for your domain verify that it works. By default, SSO is configured to be optional. That means that users with existing Teamup accounts can still log in without SSO and new users can still register for a Teamup account without SSO.

Steps to test SSO with your organization’s login:

  1. Navigate to https://teamup.com/login (make sure you are not logged in).
  2. On the login form, enter an email address of the domain for which you have enabled SSO. Then click “Continue”.
  3. The server detects that SSO has been enabled for that domain and offers a link “Login via Single-Sign-On” below the login button.
  4. Follow the link “Login via Single-Sign-On” and on the next view click “Log in”. If everything is set up correctly, your browser will now be forwarded to the login page of your organization’s identity provider.
  5. Log in with your organization’s email address and password. If successful, your browser will be forwarded to your Teamup dashboard.

A note for users with existing Teamup accounts: On your first SSO login, your Teamup account will be converted to an SSO account. It will not be possible anymore to log in with your Teamup password.

Updated on June 26, 2024
WordPress Cookie Notice by Real Cookie Banner