SAML Basics for Teem

    August 7th, 2019

    Last updated: August 7th, 2019

      SAML allows you to have a Teem account without needing to know another login, and makes logging into Teem effortless and secure, as users are automatically logged in so long as they’re simultaneously logged in to the SAML account. It can also automatically provision/de-provision users as they’re activated/deactivated within your SAML provider.

      Teem’s SAML integrations

      Setting up SAML for Teem

      1. Set your unique Teem subdomain

      Navigate to and click on Manage from the menu to the left. Click on Teem Account, then Company Details. In the field for Teem SSO Sub-Domainenter your preferred subdomain. This is typically the name of your organization. For example, if my company was called Orca Panda, I'd enter "orcapanda" in the subdomain field, and it would make my subdomain site Heads up: spaces and symbols are not allowed in subdomains. Setting up SAML Teem Subdomain

      2. Look up your SAML settings

      From your SAML provider you will need the following: Entity ID, Login URL, and the X509 certificate. Depending on your provider these may come from different areas, but these standard pieces of information should be readily accessible for you.

      3. Add SAML Settings to Teem

      Navigate to your Teem admin dashboard. Select the Apps & Integrations tab from the left menu. A new stackable menu will appear, select the 3rd Party Apps tab. Locate SAML and click the Activate button under the SAML logo.

      Adding SAML Settings to Teem 3rd Party Apps

      You will then see the Integration Settings form: Integrations Settings Teem SAML

      Enter the following into the Integration Settings form:

      • Friendly Name to call this SAML Provider: a nickname that you’ll use to identify this account.Please note:you should only have one SAML account, and we won't be able to differentiate between two.
      • Entity ID: the Entity ID retrieved in Step 2
      • Sign-in URL: the Login URL retrieved in Step 2
      • X509 certificate: the text (possibly from the .cert file) copied from the X509 certificate retrieved in Step 2. If the X509 certificate is a file, open the file with TextEdit, Notepad, or your favorite text editor, copy the contents between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- (do not include those markers) and paste that in the X509 certificate box.

      Select Save.

      4. Test your login

      Navigate to your subdomain page that you set up in the first step (https://<subdomain> This will bring you to your identity provider and if your email matches up and you are authenticated via your SAML provider, you will be automatically logged in to Teem.

      5. Enabling IdP-initiated Login

      Now, we need to get your default relay state. Navigate back to the 3rd Party Apps and click on the Settings button under the SAML logo. Copy the Uuid from the Details box on the right side of the screen. Enabling IdP-initiated Login

      The location for changing the default relay state varies by provider. Refer to your identity provider’s documentation for details on changing the default relay state to enable IdP-Initiated Login.

      Additional variables

      Your SAML provider may request a few more variables, in addition to those above. The following list provides additional variables that we’ve seen SAML providers request in the past, but if a field is missing please reach out to us and let us know.

      ACS (Consumer)URL=
      LoginURL= https://<your subdomain>
      Custom Parameters:
      Email= Email
      urn:oid:0.9.2342.19200300.100.1.1= Email
      urn:oid:0.9.2342.19200300.100.1.3= Email
      urn:oid: Last Name
      urn:oid: First Name
      X.509 CertificateStrength= 2048 bit

      **Replace <your subdomain> with the subdomain that you set in Step 1

      Provisioning Users

      There are two options for provisioning users. First is Just In Time provisioning, which you can optionally turn on by selecting the checkbox at the bottom of the SAML integration settings page. If you do not want to turn on JIT provisioning, you can send us a CSV of users and we can pull that into your account for you.

      Logging In With SAML

      To log in simply to go the subdomain specific to your account. Your Teem Administrator should be able to provide this to you.

      To use, please go to your subdomain. For instance, if my subdomain was, I would navigate to This would immediately initiate the login process, and send you to the login URL of your Identity Provider, and after success immediately log you into Teem.

      Was this article helpful?

      Send feedback

      Get In Touch With Us

      Start a Support Ticket