Single Sign-On for Okta (2024)

TeamViewer Single Sign-On (SSO) aims to reduce user management efforts for large companies by connecting TeamViewer with identity providers and user directories.

This article applies to TeamViewer customers with an Enterprise/Tensor license.

Requirements

To use TeamViewer Single Sign-On, you need:

  • a TeamViewer version 13.2.1080 or newer
  • a SAML 2.0 compatible identity provider (IdP)*
  • a TeamViewer account to access the Management Console and add domains
  • access to the DNS management of your domain to verify the domain ownership
  • a TeamViewer Tensor license.

TeamViewer configuration

Single Sign-On (SSO) is activated on a domain level for all TeamViewer accounts using an email address with this domain. Once activated, all users who sign into a corresponding TeamViewer account are redirected to the identity provider that has been configured for the domain.

For security reasons and to prevent abuse, it is required to verify the domain ownership before the feature is activated.

Add a new domain

To activate SSO, log in to Management Console, select Company administration, and then the Single Sign-On menu entry. Click on Add domain and enter the domain you want to activate SSO for.

You also need to provide your identity provider’s metadata. There are three options available to do so:

  • via URL: enter your IdP metadata URL into the corresponding field
  • via XML: select and upload your metadata XML
  • Manual configuration: manually enter all necessary information. Please note that the public key must be a Base64 encoded string.

Once it's done, click Continue.

Now, select the e-mail addresses or user groups you want to exclude from SSO and click Add domain.
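
For the manual configuration option above, the values can be read out of the IdP metadata XML rather than copied by hand. This is an added example, not TeamViewer's or Okta's code; it assumes the Base64 string wanted is the signing X509Certificate from the metadata, and the sample metadata (idp.example.test URLs, dummy certificate bytes) is constructed.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder IdP URLs, dummy bytes instead of a real certificate.
DUMMY_DER = b"constructed-bytes-not-a-real-certificate" * 2
B64 = base64.b64encode(DUMMY_DER).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.test/entity">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      {B64[:40]}
      {B64[40:]}
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def manual_config_from_metadata(xml_text):
    """Extract entity ID, SSO URLs and the signing certificate as one Base64 string."""
    root = ET.fromstring(xml_text)  # parse only metadata obtained from your own IdP
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    cert_text = None
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute serves signing and encryption.
        if kd.get("use") in (None, "signing"):
            cert_text = kd.findtext(".//ds:X509Certificate", namespaces=NS)
            break
    if not cert_text:
        raise ValueError("no signing certificate in metadata")
    # Metadata wraps the Base64 over several lines; collapse it to one string.
    b64 = re.sub(r"\s+", "", cert_text)
    der = base64.b64decode(b64, validate=True)  # raises if not valid Base64
    sso = {s.get("Binding").rsplit(":", 1)[-1]: s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    return {"entity_id": root.get("entityID"), "sso_urls": sso,
            "certificate_base64": b64,
            "sha256_fingerprint": hashlib.sha256(der).hexdigest()}

if __name__ == "__main__":
    print(manual_config_from_metadata(SAMPLE_METADATA))
```

The SHA-256 fingerprint can be compared with the one the IdP shows for its signing certificate before the value is pasted into the form.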


Create custom identifier

After the domain has been added, the custom identifier can be generated. This custom identifier is not stored by TeamViewer but is used for the initial configuration of SSO. It must not be changed at any point in time since this will break Single Sign-On, and a new setup will be necessary. Any random string can be used as a customer identifier. This string is later required for the configuration of the IdP. To generate the custom identifier, click Generate.


Verify domain ownership

After a domain has been added successfully, you need to verify the domain ownership.

Single Sign-On will not be activated before the domain verification is completed.

To verify the domain, please create a new TXT record for your domain with the values shown on the verification page.

📌Note: The verification process can take several hours because of the DNS system.

📌Note: Depending on your domain management system, the description of the input fields may vary.

After creating the new TXT record, start the verification process by clicking on the Start verification button.

📌Please note that the verification process can take several hours because of the DNS system.

💡Hint: TeamViewer will look for the TXT verification record for 24 hours after starting the verification. If we cannot find the TXT record within 24 hours, the verification fails, and the status is updated accordingly. You need to restart the verification through this dialog in this case.

Identity Provider Setup with Okta

This section describes how to set up Okta to be used as IdP for the TeamViewer SSO service.

💡Hint: You need to assign users to the application in Okta, depending on your settings.

Find the Okta documentation here.

Automatic configuration using the TeamViewer Okta app

1) Log in to your Okta Administrator Dashboard

2) Add the TeamViewer application

3) Select SAML 2.0

  • Copy and save your metadata URL

4) Assign users to the application

5) Activate SAML using your metadata in the Domain Management in MCO

Manual Configuration using the Okta Web User Interface

Go to the administration interface and add a new SAML application. Specify the following values on the SAML Settings page:

Settings (Setting: Value)

  • Single Sign On URL: https://sso.teamviewer.com/saml/acs
    Use this for Recipient URL and Destination URL
    Allow this app to request other SSO URLs
  • Audience URI (SP Entity ID): https://sso.teamviewer.com/saml/metadata
  • Default RelayState: -
  • Name ID Format: EmailAddress
  • Application username: Email

Advanced settings (Setting: Value)

  • Response: Signed
  • Assertion Signature: Signed
  • Signature Algorithm: RSA-SHA256
  • Digest Algorithm: SHA256
  • Assertion Encryption: Encrypted
  • Encryption Algorithm: AES256-CBC
  • Key Transport Algorithm: RSA-OAEP
  • Encryption Certificate: Upload the public key of the TeamViewer SAML Service Provider. Please refer to Technical Information for information on how to get the certificate.
  • Enable Single Logout: No
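
To confirm that the Okta app emits what the advanced settings above specify, the algorithm identifiers can be read from a response captured during a test login. This is an added example, not TeamViewer's or Okta's code: the URI chosen for each label is the standard XML-DSig/XML-Enc identifier and is an assumption about what Okta emits, and the response is a constructed skeleton. It compares identifiers only and does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "xenc": "http://www.w3.org/2001/04/xmlenc#"}
# Standard XML-DSig / XML-Enc URIs assumed for the labels in the settings list.
EXPECTED = {
    "destination": "https://sso.teamviewer.com/saml/acs",
    "signature": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "digest": "http://www.w3.org/2001/04/xmlenc#sha256",
    "encryption": "http://www.w3.org/2001/04/xmlenc#aes256-cbc",
    "key_transport": "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p",
}
# Constructed skeleton of a response (no real signature or ciphertext); its
# SignatureMethod is deliberately rsa-sha1 so the audit has something to report.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}" xmlns:xenc="{NS['xenc']}" Destination="{EXPECTED['destination']}">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference><ds:DigestMethod Algorithm="{EXPECTED['digest']}"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <saml:EncryptedAssertion><xenc:EncryptedData>
    <xenc:EncryptionMethod Algorithm="{EXPECTED['encryption']}"/>
    <ds:KeyInfo><xenc:EncryptedKey>
      <xenc:EncryptionMethod Algorithm="{EXPECTED['key_transport']}"/>
    </xenc:EncryptedKey></ds:KeyInfo>
  </xenc:EncryptedData></saml:EncryptedAssertion>
</samlp:Response>"""

def observed_settings(response_xml):
    """Read destination and algorithm identifiers from a decoded SAML response."""
    root = ET.fromstring(response_xml)
    def alg(path):
        node = root.find(path, NS)
        return None if node is None else node.get("Algorithm")
    enc = "saml:EncryptedAssertion/xenc:EncryptedData"
    return {
        "destination": root.get("Destination"),
        "signature": alg("ds:Signature/ds:SignedInfo/ds:SignatureMethod"),
        "digest": alg("ds:Signature/ds:SignedInfo/ds:Reference/ds:DigestMethod"),
        "encryption": alg(f"{enc}/xenc:EncryptionMethod"),
        "key_transport": alg(f"{enc}/ds:KeyInfo/xenc:EncryptedKey/xenc:EncryptionMethod"),
    }

def settings_mismatches(response_xml):
    """Return {setting: observed value} for every value that differs from EXPECTED."""
    seen = observed_settings(response_xml)
    return {k: v for k, v in seen.items() if v != EXPECTED[k]}
```

A value of None in the result means the element was absent, for example when the assertion was sent unencrypted.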

Add the following attribute statements (Name Format - Unspecified):

📌Please note: The "Customer Identifier" that has been set initially must not change, otherwise SSO will break. TeamViewer is not storing this value.

-More complex mapping-

📌Please note: The value of the emailaddress attribute statement may include more complex mapping rules. Okta therefore provides you with an expression language. You can see the official documentation about it here: https://developer.okta.com/reference/okta_expression_language/index

Company A has reserved two email address domains for its users - @a1.test and @a2.test. The Okta users have the @a1.test domain associated to their account.

TeamViewer SSO should be enabled for the @a2.test email addresses only.

The value for the emailaddress statement could look like the following:

String.append(String.substringBefore(user.email, "@"), "@a2.test")

This causes the SAML response to include the correct email address.
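
The expression above rewrites the domain of every user it is applied to, so before rollout it is worth checking that no two Okta users end up with the same @a2.test address. This is an added example, not TeamViewer's or Okta's code: a Python model of the expression run over a constructed list of emails, where partner.test is an assumed extra domain used for illustration.

```python
from collections import defaultdict

# Constructed sample directory; a1.test and a2.test are the page's example domains,
# partner.test is an assumed extra domain for illustration.
SAMPLE_OKTA_EMAILS = ["alice@a1.test", "bob@a1.test", "alice@partner.test"]

def map_name_id(email, target_domain="a2.test"):
    """Python model of String.append(String.substringBefore(user.email, "@"), "@a2.test")."""
    local_part = email.split("@", 1)[0]  # text before the first "@"
    return f"{local_part}@{target_domain}"

def audit_mapping(emails, source_domain="a1.test", target_domain="a2.test"):
    """Return (unexpected, collisions) for the Okta emails of the assigned users."""
    unexpected = []                 # users outside the domain the rule was written for
    by_name_id = defaultdict(list)  # emitted address -> Okta emails that produce it
    for email in emails:
        if email.rsplit("@", 1)[-1].lower() != source_domain:
            unexpected.append(email)
        by_name_id[map_name_id(email, target_domain).lower()].append(email)
    collisions = {nid: src for nid, src in by_name_id.items() if len(src) > 1}
    return unexpected, collisions

if __name__ == "__main__":
    unexpected, collisions = audit_mapping(SAMPLE_OKTA_EMAILS)
    print("outside a1.test:", unexpected)
    print("same address from several users:", collisions)
```

Any entry in either result is a reason to restrict the app assignment in Okta to @a1.test users or to make the expression conditional on the source domain.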

TeamViewer Client Configuration

TeamViewer is compatible with Single Sign-On starting from version 13.2.1080.

Previous versions do not support Single Sign-On and cannot redirect users to your identity provider during the login. The client configuration is optional but allows changing the browser used for the SSO login of the IdP.

The TeamViewer client will use an embedded browser for the identity provider authentication by default. If you prefer to use the default browser of the operating system, you can change this behavior:

Windows:

HKEY_CURRENT_USER\Software\TeamViewer\SsoUseEmbeddedBrowser = 0 (DWORD)

macOS:

defaults write com.teamviewer.teamviewer.preferences SsoUseEmbeddedBrowser -int 0

📌Note: You need to restart the TeamViewer client after creating or changing the registry.


FAQs

What is a single sign-on SSO solution?

A single sign-on solution can simplify username and password management for both users and administrators. Users no longer have to keep track of different sets of credentials and can simply remember a single more complex password. SSO often enables users to just get access to their applications much faster.

Is Okta used for single sign-on?

Okta provides SSO access to thousands of supported cloud-based applications through the Okta Integration Network (OIN). The integrations in the OIN can use OpenID Connect (OIDC), SAML, SWA, or proprietary APIs for SSO.

What are the benefits of using a single sign-on authentication service?

Security and compliance benefits of SSO

SSO reduces the number of attack surfaces because users only log in once each day and only use one set of credentials. Reducing login to one set of credentials improves enterprise security. When employees have to use separate passwords for each app, they usually don't.

How do businesses benefit from implementing single sign-on SSO technology select two answers?

Providing a better user experience and simplifying their user management are ways that businesses benefit from implementing SSO.

What is a major risk of using single sign-on SSO?

If a user successfully logs in via SSO and falls prey to a phishing attack, there is not always a simple solution. The attacker gets access to all the endpoints of the external applications within the cloud that the user is provisioned for. If the attack is detected, the user account can be disabled.

How do you solve SSO problems?

General troubleshooting
  1. In your IdP: Confirm that your Org ID, Entity ID, and ACS URL are all correct. Review the SAML attribute statements that you've entered. Regenerate the SAML metadata and replace it in Iterable.
  2. In Iterable: Check the SAML Domain field. Learn how. Replace the SAML metadata from your IdP.

What is the difference between SSO and Okta?

OKTA is the Cloud-Based Software used to secure and manage the user authentication into the applications and for all the developers to create identity controls into the website, devices, applications, and web services. OKTA SSO is the single-sign-on that provides the whole authentication experience to the end-users.

Who is Okta's biggest competitor?

Top Competitors and Alternatives of Okta

The top three of Okta's competitors in the Single Sign-On (SSO) category are OneLogin with 40.33%, OneAll with 22.47%, AWS Single Sign-On with 5.24% market share.

What is the difference between SSO and SAML?

Security Assertion Mark-up Language (SAML) is an authentication standard that allows for federated identity management and can support single sign-on (SSO). SSO is an authentication scheme that allows a user to log in with a single ID and password to any independent or federated software systems.

What are the benefits of Okta SSO?

It enables users to focus on memorizing one strong, unique password and reduces time-consuming and costly password resets. Seamless and secure user access: SSO provides real-time insight into which users accessed applications when and where from, allowing enterprises to protect the integrity of their systems.

Is SSO strong authentication?

SSO is secure but is a single point of failure; if the IdP account is compromised, many others may also be. MFA adds a step beyond inputting a password but is still relatively seamless. Logins across connected apps are easy once a user logs into the IdP account.

What are three benefits of single sign-on?

What are the Benefits of SSO?
  • Increased Productivity.
  • Improved Security.
  • Decreased IT Costs.
  • Improved Job Satisfaction for Employees.
  • Enhanced Customer Experience.
  • Increased Adoption Rates.
  • Tighter B2B Collaboration.
  • Regulatory Compliance.

What is one disadvantage for using single sign-on SSO in a smaller organization?

Loss of Control Over User Accounts: With single sign-on, organizations may lose control over user accounts. If a user loses or changes their credentials, the organization may not be able to regain access to their account. Increased Complexity: Single sign-on can be complex to implement and maintain.

Which of the following is a disadvantage of single sign-on SSO?

Disadvantages of SSO include the following: It does not address certain levels of security each application sign-on might need. If availability is lost to apps that only allow SSO, users become locked out. If unauthorized users gain access, they could access more than one application.

What are the risks of lack of SSO?

This can have a number of negative consequences, including: Loss of sensitive data: Without proper authentication measures in place, your business may be at risk of data breaches, which can result in the loss or theft of sensitive data such as customer or employee information.

What is single sign-on SSO using SAML?

Security Assertion Markup Language, or SAML, is a standardized way to tell external applications and services that a user is who they say they are. SAML makes single sign-on (SSO) technology possible by providing a way to authenticate a user once and then communicate that authentication to multiple applications.

What is single sign-on professional SSO solution for WordPress?

Single Sign-On for WordPress is a professional extension that automatically creates accounts and signs users in as they browse between multiple and independent WordPress blogs in your network.

What's the difference between single sign-on SSO and social sign-on?

The main difference between SSO (Single Sign-On) and social login is that SSO allows users to log in to multiple applications with a single set of credentials. In contrast, social login allows users to log in to one application using their social media account credentials.

What is the difference between SSO and non SSO login?

While SSO enables users to log in with a single, secure password, non-SSO means that a user is required to log into each individual account that they are using each time they want to access it.

Article information

Author: Foster Heidenreich CPA
