Okta User Management Integration

    August 28th, 2017

    Last updated: August 28th, 2017

      Teem’s integration with Okta allows mutual customers to log in to Teem via Okta.


      In order to use Okta SAML and/or User Provisioning you’ll need to fulfill a few requirements as listed below:

      • SAML is not available with all subscription levels. See our pricing page or reach out to your Teem representative for more information.
      • The Teem account you’re using to log in must have admin-level permissions
      • Your company’s Teem account should have its structure built out to match your organization’s physical space.
      • You must have Admin level permissions within your Okta environment.
      • Be logged into your Teem account and Okta account within the same browser session.

      Got all that? Now you’re ready to set up and use Okta services!

      Okta SAML Integration

      Set Your Subdomain

      Navigate to teem.com and click on Manage from the menu to the left. Click on Teem Account, then Company Details. In the field for Teem SSO Sub-Domain enter your preferred subdomain. This is typically the name of your organization. For example, if my company was called Orca Panda, I'd enter "orcapanda" in the subdomain field, and it would make my subdomain site https://orcapanda.teem.com. Heads up: spaces and symbols are not allowed in subdomains.

      Okta SAML Integration Setup for Teem

      Add the EventBoard SAML app within your Okta Admin Dashboard

      Open the Okta Admin Dashboard and click on Applications, then "Add Application"

      Add Application | Teem and Okta

      Then search for "Teem" and click "Add" to begin the setup process

      Add Teem to Okta

      You'll be taken to the following setup screen, where you can choose a custom name for the application and where users will see the app:

      Add Teem General Okta Settings

      Next, you'll see the following page, where you can authenticate with Teem and enable provisioning:

      Add Teem Provisions Okta Settings

      First, click "Authenticate with Teem" and click "Authorize" when asked:

      Teem Authorization Okta Provisioning

      Once you've authenticated, you'll see that Teem is now authorized:

      Teem and Okta authorization Success

      You can now enable Provisioning to automatically pull your users into Teem from Okta (rather than setting them up one-by-one):

      Teem and Okta Provisioning Features

      Now that provisioning is set up, you're ready to enable the Teem app for your Okta users and finish setup:

      Teem Okta Assign to People Settings

      Push Okta Groups to Teem

      If you'd like to push your existing Okta groups to Teem, you can do so by selecting the Application, and then selecting "Push Groups." You can then select Okta groups to be used in Teem's admin dashboard.

      Push Okta Groups to Teem

      Get Okta Settings

      Next we'll need to add your company's Okta settings to your Teem dashboard. These settings can be found in Okta under "Sign On" -> "View Setup Instructions":

      Get Okta Settings Sign On

      This will pull up a page with all of your personalized Okta setup instructions. We will map those instructions directly to your Teem Dashboard at https://app.teem.com/integrations/settings/SAML/ (Note: SAML User Management is only available on our Enterprise and Premium EventBoard plans.)

      Add Okta Settings to Teem

      Click on Manage → Apps & Integrations → 3rd Party Apps and select the Activate button under the SAML logo.

      Add Okta Settings to EventBoard

      You will see the following form:

      Integrations Settings Details Teem

      You will fill in these fields from the Okta setup page we accessed above, like so:

      How to Configure SAML 2.0 for Teem

      Friendly Name to call this SAML provider: You can put whatever you like. Please note: you should only have one SAML account; if you set up two, we won't be able to differentiate between them.

      Entity ID is copied directly from the Okta Setup Instructions 

      Signin Url is copied directly from the Okta Setup Instructions 

      The X509cert is an excerpt from the .cert file that is accessed through the setup instructions. To get that:

      1. Open the .cert file linked in the Setup Instructions with TextEdit, Notepad, or your favorite text editor.
      2. Find "-----BEGIN CERTIFICATE-----" and copy everything after that line until "-----END CERTIFICATE-----" (do not include those markers), then paste that in the X509Cert box.
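
      The copy step above can also be scripted, which additionally confirms that the excerpt is intact and gives a SHA-256 fingerprint to compare against the certificate your Okta admin console shows. This is an added example, not Teem or Okta code; the function name and the sample data are hypothetical, and the sample bytes are a constructed placeholder, not a real certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def x509cert_field(pem_text):
    """Return (text between the markers, SHA-256 fingerprint of the DER bytes)."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError("expected exactly one certificate, found %d" % len(blocks))
    lines = blocks[0].split()            # drops CR, LF and stray spaces
    # validate=True rejects anything that is not base64 (e.g. a pasted marker)
    der = base64.b64decode("".join(lines), validate=True)
    if not der.startswith(b"\x30"):      # a certificate is a DER SEQUENCE
        raise ValueError("decoded data does not look like a DER certificate")
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return "\n".join(lines), fingerprint

# Constructed placeholder bytes standing in for a certificate (not a real one),
# wrapped at 64 characters with Windows line endings as a downloaded file might be.
SAMPLE_DER = b"\x30\x82\x00\x40" + bytes(range(64))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\r\n"
    + "\r\n".join(SAMPLE_B64[i:i + 64] for i in range(0, len(SAMPLE_B64), 64))
    + "\r\n-----END CERTIFICATE-----\r\n"
)

if __name__ == "__main__":
    body, fp = x509cert_field(SAMPLE_PEM)
    print(body)
    print("SHA-256 fingerprint:", fp)
```

      If the fingerprint does not match the one shown for the signing certificate in Okta, the wrong file was opened or the text was altered while copying.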

      Select Save.

      If you go back to the Integrations page the SAML settings can be edited or viewed by clicking on Settings.

      Note: When Okta Provisioning is enabled, we recommend leaving the (redundant) "Allow Just-In-Time provisioning" checkbox unchecked.

      Test Login

      Navigate to your subdomain login page that you set up in the first step. (https://xxxxxxx.teem.com/login). This will navigate you to your identity provider. If your email matches up and you are authenticated to Okta, you will be logged in.

      Enabling IdP-initiated Login

      If you'd like to enable IdP-initiated login, you can do so by following these quick instructions. First, we need to get your default relay state. In Integrations (noted above) select Configure (or click here) and look in the details section. Copy the UUID shown there.

      IdP-initiated login screen showing UUID for Teem

      Next, go to the Okta admin portal, in the Teem SAML application, and under Sign On select the Edit button for Settings.

      Okta Edit Settings Button

      Paste the UUID into the Default Relay State, change "Force Authentication" to match your needs, and then select save.

      Okta SAML 2.0 Default Relay State

      Troubleshooting Tips

      This list of common errors can help you troubleshoot on your own. If you have other problems, please reach out to Teem support.

      • We do not currently support syncing the Admin status from Okta into Teem
      • I get a 500 error (page that says we are performing maintenance) during IdP-Initiated login. This is often caused by a missing RelayState.
      • Users get the error "Teem account not found" during IdP- or SP-initiated login. This can happen for a couple of reasons:

      1. Has the user been successfully provisioned from Okta so that an admin can see the user within their Teem Dashboard? If they have not, please provision them OR enable JIT provisioning (checkbox at the bottom of the Okta Integration Settings page in your Teem admin dashboard).

      2. The email is not coming within the SAML Assertion. Please use SAML Tracer, a Firefox plugin, to get a SAML Trace and see the assertion. You can send this trace to both Teem and Okta for troubleshooting. If the Assertion does not contain the email, we don't know who to actually log in.
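
      To check a captured trace for the missing-email case described above, the SAMLResponse value can be decoded and searched for an email address. This is an added example, not Teem or Okta code; it assumes the value is the base64 form field from the login POST (already URL-decoded) and that the email may appear either in the NameID or in an attribute. The function name and both sample responses are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def email_sources(saml_response_b64):
    """Return [(where, value)] for each email-looking identifier in the assertion.

    Diagnostic only: this does not verify the signature or any conditions.
    """
    xml = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD/entity declarations do not belong in a SAML message")
    root = ET.fromstring(xml)
    if root.find(".//saml:EncryptedAssertion", NS) is not None:
        raise ValueError("assertion is encrypted; it cannot be inspected here")
    found = []
    for name_id in root.iterfind(".//saml:Subject/saml:NameID", NS):
        value = (name_id.text or "").strip()
        if "@" in value:
            found.append(("NameID", value))
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        for val in attr.iterfind("saml:AttributeValue", NS):
            value = (val.text or "").strip()
            if "@" in value:
                found.append(("Attribute:" + attr.get("Name", ""), value))
    return found

def build_sample(name_id, attrs=""):
    # Constructed, unsigned sample response (not a real Okta or Teem message).
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="%s"><saml:Assertion><saml:Subject>'
        '<saml:NameID>%s</saml:NameID></saml:Subject>'
        '<saml:AttributeStatement>%s</saml:AttributeStatement>'
        '</saml:Assertion></samlp:Response>' % (NS["saml"], name_id, attrs)
    )
    return base64.b64encode(xml.encode()).decode()

WITH_EMAIL = build_sample("pat@orcapanda.example")
WITHOUT_EMAIL = build_sample(
    "pat.jones",
    '<saml:Attribute Name="firstName">'
    '<saml:AttributeValue>Pat</saml:AttributeValue></saml:Attribute>')

if __name__ == "__main__":
    print(email_sources(WITH_EMAIL))
    print(email_sources(WITHOUT_EMAIL) or "no email in assertion")
```

      An empty result corresponds to the case above where the assertion carries no email; SAML traces contain user identifiers, so remove anything sensitive before sharing them.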

      With these steps done, your users can now sign in or authenticate using Okta!
