Okta User Management Integration

Teem’s integration with Okta allows mutual customers to log in to Teem via Okta.

In this article:

Teem’s integration with Okta allows mutual customers to log in to Teem via Okta.

Prerequisites

In order to use Okta SAML and/or User Provisioning you’ll need to fulfill a few requirements as listed below:

  • SAML is not available with all subscription levels. See our pricing page or reach out to your Teem representative for more information
  • The Teem account you’re using to log in must have admin-level permissions
  • Your company’s Teem account should have its structure built out to match your organization’s physical space.
  • You must have Admin level permissions within your Okta environment.
  • Be logged into your Teem account and Okta account within the same browser session.

Got all that? Now you’re ready to set up and use Okta services!

Okta SAML Integration

Set Your Subdomain

Navigate to teem.com and click on Manage from the menu to the left. Click on Teem Account, then Company Details. In the field for Teem SSO Sub-Domain enter your preferred subdomain. This is typically the name of your organization. For example, if my company was called Orca Panda, I'd enter "orcapanda" in the subdomain field, and it would make my subdomain site https://orcapanda.teem.com. Heads up: spaces and symbols are not allowed in subdomains.

Okta SAML Integration Setup for Teem

Add the EventBoard SAML app within your Okta Admin Dashboard

Add EventBoard SAML within OktaGet Okta Settings

Go into the EventBoard SAML app in Okta, and under Sign On, select View Setup Instructions. This will provide us the details we need to associate EventBoard to use Okta.

View Setup Instructions ButtonThe key things that you need here are 2, 3, and 4. Keep this open.

Add Okta Settings to EventBoard

Click on Manage → Apps & Integrations → 3rd Party Apps and select the Activate button under the SAML logo.

Add Okta Settings to EventBoard

You will see the following form:

Integrations Settings Details TeemEnter the following:

Friendly Name to call this SAML provider is arbitrary so that you can identify this account. You can put whatever you like for the name.Please note: you should only have one SAML account, and we won't be able to differentiate between the two.

Entity ID is copied from the Okta Setup Instructions accessed before

Url is the Sign-in URL from the Okta Setup Instructions accessed before

TheX509cert is the text from the .cert file that is accessed through the setup instructions. To get that open the .cert file linked in the the Setup Instructions, open with TextEdit, Notepad, or your favorite text editor, copy the contents between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- (do not include it those markers) and paste that in the X509Cert box.

Select Save.

If you go back to the Integrations page the SAML settings can be edited or viewed by clicking on Settings.

SAML Configuration Details Test Login

Navigate to your subdomain login page that you set up in the first step. https://<subdomain>.eventboard.io/login. This will navigate you to your identity provider and if your email matches up and you are authenticated to Okta, you will be logged in.

Enabling IdP-initiated Login

First, we need to get your default relay state. In Integrations (noted above) select Configure and then look in the information section. The UUID is shown there, and you will need to copy this.

Teem Test Login Integration Settings

Now go to the Okta admin portal, go into the EventBoard SAML application, and under Sign On select the Edit button for Settings.

Okta Edit Settings ButtonPaste in the Default Relay State that you obtained, change the Force Authentication to match your needs, and then select save. This will completed the IdP-initiated Login.

Okta SAML 2.0 Default Relay StateProvisioning Users with Okta

Introduction

This section goes through the instructions of setting up provisioning of EventBoard users with Okta. This step should be completed after Teem and Okta are integrated.

Features

With Okta we are able to support the following provisioning features:

  • Create Users
  • Update User Attributes
  • Deactivate Users

We do not have the ability to sync password. This is a design choice by Teem. Users that are configured by Okta can not have a password set, and can only use Okta login to access

Configuration Steps

Configure your Provisioning settings for EventBoard as follows:

1. Check the Enable provisioning features box

EventBoard Provisioning Features Box

Enable Provisioning Features Teem2. In the API Authentication section, click Authenticate with EventBoard SAML

Authenticate API Authentication EventBoard SAML3. Within Teem select Authorize

4. You are now authenticated, and can now select which provisioning features to enable.

5. Within the Provisioning tab check the features you would like to enable and select Next.

API Authentication Settings Provisioning

6. You can now assign users and sync groups to the app as needed.

Assign Users and Sync Groups

Groups Assigned EventBoard SAML OktaOkta Push Groups to EventBoard SAML

Troubleshooting Tips

This list of common errors can allow you to troubleshoot on your own.If you have other problems please reach out to Teem support.

  • We do not currently support syncing the Admin status from Okta into Teem
  • I get a 500 error (page that says we are performing maintenance) during IdP-Initiated login. This is often caused by a missing RelayState.
  • Users get an error Teem account not found during IdP or SP initiated login. This can happen for a couple reasons:

1. Has the user been successfully provisioned from Okta so that an admin can see the user within their Teem Dashboard? If they have not please provision them OR enable JIT provisioning (checkbox at the bottom of the Okta Integration Settings page in your Teem admin dashboard).

2. The email is not coming within the SAML Assertion. Please use SAML Tracer, a firefox plugin, to get a SAML Trace and see the assertion. You can use this to send troubleshooting to both Teem and Okta. If the Assertion does not contain the email we don't know who to actually log on.

With these steps done, your users can now sign in or authenticate using Okta!

We hope this helps! If you have any questions, please feel free to reach out to us by email or phone at: support@teem.com, 415-830-6989.

Can't Find What You're Looking For?

Our award-winning customer care team is here for you.

Contact Support