Teevity Documentation - Integration with external identity providers (SAML)

Integration with External Identity Providers (SAML)

Teevity lets you use a third-party service to manage the authentication of your users but also to define their cost perimeter trough the user attributes.

We support integration with Google Apps (G Suite), Okta, Azure AD or a generic SAML identity provider. In the SAML parlance, Teevity is the service provider.

On this page you will learn more about how to setup the integration and how to customize it.

Setup a SAML integration with Teevity

First you have to enable the integration on the External Identity section of the Preferences page:

Then select an identity provider:

Google Apps (G Suite) - documentation
Okta - documentation
Azure AD - documentation
Generic SAML Provider - general information about the SAML-based authentication flow

Regardless of the provider you have 2 methods to setup the integration :

with an IdP (Identity Provider) metadata file that your identity provider will provide during the setup of Teevity as a service provider
manually by entering the parameters in the form

Configuration with an IdP metadata file

Manual Configuration

In both cases you will find below the configuration Identity Provider info section the parameters to use Teevity as service provider.

For example with Google Apps (G Suite) you will have the ACS (Assertion Consumer Service) and Login urls (1) et (2) which are custom to your Teevity account.

The Attribute mapping section will show you how the email and role attributes of your users can be mapped in your identity provider (3)

Parameters of the integration

Once your integration is configured, you can select different options as how this integration will behave:

if enabled then every user which use the SAML-based login page will automatically have a Teevity account created otherwise the user account must be created beforehand on the users management page
If the SAML attributes coming from your Identity Provider will be saved in the Teevity account of the user.
Make the login only possible through the SAML integration
Disable the email notification when a new user account is created

When the SAML is configured and the users accounts created, you will find on the users management page, in the details of a user's attributes the SAML attributes listed as saml.<attribute>