Okta User Management Integration

Teem’s integration with Okta allows mutual customers to log in to Teem via Okta.

In this article:

Teem’s integration with Okta allows mutual customers to log in to Teem via Okta.

Prerequisites

In order to use Okta SAML and/or User Provisioning you’ll need to fulfill a few requirements as listed below:

  • SAML is not available with all subscription levels. See our pricing page or reach out to your Teem representative for more information
  • The Teem account you’re using to log in must have admin-level permissions
  • Your company’s Teem account should have its structure built out to match your organization’s physical space.
  • You must have Admin level permissions within your Okta environment.
  • Be logged into your Teem account and Okta account within the same browser session.

Got all that? Now you’re ready to set up and use Okta services!

Okta SAML Integration

Set Your Subdomain

Navigate to teem.com and click on Manage from the menu to the left. Click on Teem Account, then Company Details. In the field for Teem SSO Sub-Domain enter your preferred subdomain. This is typically the name of your organization. For example, if my company was called Orca Panda, I'd enter "orcapanda" in the subdomain field, and it would make my subdomain site https://orcapanda.teem.com. Heads up: spaces and symbols are not allowed in subdomains.

Okta SAML Integration Setup for Teem


Add the EventBoard SAML app within your Okta Admin Dashboard

Open the Okta Admin Dashboard and click on Applications, then "Add Application"

Add Application | Teem and Okta

Then search for "Teem" and click "Add" to begin the setup process

Add Teem to Okta

You'll be taken to the following setup screen, where you can choose a custom name for the application and where users will see the app:

Add Teem General Okta Settings


Next, you'll see the following page, where you can authenticate with Teem and enable provisioning:

Add Teem Provisions Okta Settings

First, click "Authenticate with Teem" and click "Authorize" when asked:

Teem Autorization Okta Provisioning

Once you've authenticated, you'll see that Teem is now authorized:

Teem and Okta authorization Success

You can now enable Provisioning to automatically pull your users into Teem from Okta (rather than setting them up one-by-one):

Teem and Okta Provisioning Features

Now that provisioning is set up, you're ready to enable the Teem app for your Okta users and finish setup:

Teem Okta Assign to People Settings

Push Okta Groups to Teem

If you'd like to push your existing Okta groups to Teem, you can do so by selecting the Application, and then selecting "Push Groups." You can then select Okta groups to be used in Teem's admin dashboard.

Push Okta Groups to Teem

Get Okta Settings

Next we'll need to add your company's Okta settings to your Teem dashboard. These settings can be found in Okta under "Sign On" -> "View Setup Instructions":

Get Okta Settings Sign On

This will pull up a page with all of your personalized Okta setup instructions. We will map those instructions directly to your Teem Dashboard at https://app.teem.com/integrations/settings/SAML/ (Note: SAML User Management is only available on our Enterprise and Premium EventBoard plans)

Add Okta Settings to Teem

Click on Manage → Apps & Integrations → 3rd Party Apps and select the Activate button under the SAML logo.

Add Okta Settings to EventBoard

You will see the following form:

Integrations Settings Details Teem

You will fill in these fields from the Okta setup page we accessed above, like so:

How to Configure SAML 2.0 for Teem

Friendly Name to call this SAML provider: You can put whatever you like. Please note: you should only have one SAML account, and we won't be able to differentiate between the two.

Entity ID is copied directly from the Okta Setup Instructions 

Signin Url is copied directly from the Okta Setup Instructions 

TheX509cert is an excerpt from the .cert file that is accessed through the setup instructions. To get that:

  1. Open the .cert file linked in the the Setup Instructions with TextEdit, Notepad, or your favorite text editor
  2. Find "-----BEGIN CERTIFICATE-----" and copy everything after that line until "-----END CERTIFICATE-----" (do not include it those markers) then paste that in the X509Cert box.

Select Save.

If you go back to the Integrations page the SAML settings can be edited or viewed by clicking on Settings.

Note: When Okta Provisioning is enabled, we recommend leaving the (redundant) "Allow Just-In-Time provisioning" checkbox un-checked

Test Login

Navigate to your subdomain login page that you set up in the first step. (https://xxxxxxx.teem.com/login). This will navigate you to your identity provider. If your email matches up and you are authenticated to Okta, you will be logged in.

Enabling IdP-initiated Login

If you'd like to enable IdP-initiated login, you can do so by following these quick instructions. First, we need to get your default relay state. In Integrations (noted above) select Configure (or use this link: https://app.teem./integrations/settings/SAML/) and look in the details section. Copy the UUID shown there.

iIdP-initiated login Screen showing UUID for Teem

Next, go to the Okta admin portal, in the Teem SAML application, and under Sign On select the Edit button for Settings.

Okta Edit Settings Button


Paste the UUID into the Default Relay State, change "Force Authentication" to match your needs, and then select save.

Okta SAML 2.0 Default Relay State

Troubleshooting Tips

This list of common errors can allow you to troubleshoot on your own. If you have other problems please reach out to Teem support.

  • We do not currently support syncing the Admin status from Okta into Teem
  • I get a 500 error (page that says we are performing maintenance) during IdP-Initiated login. This is often caused by a missing RelayState.
  • Users get an error Teem account not found during IdP or SP initiated login. This can happen for a couple reasons:

1. Has the user been successfully provisioned from Okta so that an admin can see the user within their Teem Dashboard? If they have not please provision them OR enable JIT provisioning (checkbox at the bottom of the Okta Integration Settings page in your Teem admin dashboard).

2. The email is not coming within the SAML Assertion. Please use SAML Tracer, a firefox plugin, to get a SAML Trace and see the assertion. You can use this to send troubleshooting to both Teem and Okta. If the Assertion does not contain the email we don't know who to actually log on.

With these steps done, your users can now sign in or authenticate using Okta!

We hope this helps! If you have any questions, please feel free to reach out to us by email or phone at: support@teem.com, 415-830-6989.

Can't Find What You're Looking For?

Our award-winning customer care team is here for you.

Contact Support