Read this before you enable SAML
Enabling SAML affects all users of this application: they will no longer be able to sign in through their regular login page. They will only be able to access the app through the Okta service.
Backup URL
TeamViewer does not provide a backup login URL where users can sign in using their normal username and password. It is recommended to add an admin user with a different email domain when enabling SAML in TeamViewer.
The Okta/TeamViewer SAML integration currently supports the following features:
Enable SAML through the TeamViewer website: https://www.teamviewer.com/en/credentials/enterprise-solutions/#requestEarlyAccess.
The TeamViewer Support team will inform you when SAML is enabled for your account.
Log in to your TeamViewer account.
Select Identity Provider Connection, then click Add domain:
Enter the following:
Domain: Enter your domain.
Configuration: Select Metadata URL.
Metadata URL: Copy and paste the following:
Sign in to the Okta Admin app to have this variable generated for you
Click Save & Next:
When the Single Sign-On Customer Identifier page appears, click Generate Customer Identifier:
Make a copy of the Customer Identifier value, then click Continue:
After successfully adding the domain, you need to verify your domain ownership. To do so, create a new TXT record for your domain with the values shown on the verification page. After creating the new TXT record, start the verification process by clicking Start Verification.
Note that the verification process can take several hours because of the DNS system.
Once the verification is finished, click Save:
In Okta, select the Sign On tab for the TeamViewer SAML app, then click Edit.
Enter the Customer Identifier value you copied in step 7 into the corresponding field.
Click Save:
The following SAML attributes are supported:
Name | Value |
---|---|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | user.email |
http://sso.teamviewer.com/saml/claims/customeridentifier | Comes from the Customer Identifier field (step 10) |
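A troubleshooting check for the two attributes in the table above, added here as an example and not part of Okta's or TeamViewer's documentation or tooling: it reads a decoded SAML assertion and confirms that both claims are present and carry the expected email domain and Customer Identifier. The sample assertion, the function names and the value PLACEHOLDER-CUSTOMER-ID are constructed for illustration, and the check does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
CUSTOMER_ID_CLAIM = "http://sso.teamviewer.com/saml/claims/customeridentifier"

# Constructed sample (assumption): an already base64-decoded assertion, not real Okta output.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://sso.teamviewer.com/saml/claims/customeridentifier">
      <saml:AttributeValue>PLACEHOLDER-CUSTOMER-ID</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def read_attributes(assertion_xml):
    """Map each SAML attribute Name to its list of values."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_teamviewer_claims(assertion_xml, verified_domain, customer_identifier):
    """Return a list of problems (empty = claims look right). Signature is NOT checked."""
    attrs = read_attributes(assertion_xml)
    problems = []
    emails = attrs.get(EMAIL_CLAIM, [])
    if len(emails) != 1 or not emails[0]:
        problems.append("expected exactly one non-empty emailaddress claim")
    elif emails[0].rpartition("@")[2].lower() != verified_domain.lower():
        problems.append("email domain does not match the verified domain")
    ids = attrs.get(CUSTOMER_ID_CLAIM, [])
    if len(ids) != 1 or not ids[0]:
        problems.append("expected exactly one non-empty customeridentifier claim")
    elif ids[0] != customer_identifier:
        problems.append("customeridentifier differs from the value generated in TeamViewer")
    return problems

if __name__ == "__main__":
    print(check_teamviewer_claims(SAMPLE_ASSERTION, "example.com", "PLACEHOLDER-CUSTOMER-ID"))
```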
Enter your email.
Click outside the E-Mail text field.
You should be redirected back to Okta to authenticate if you don’t have an existing Okta session.
After successful authentication via Okta, you can now enter your TeamViewer password to complete the login.