Password after automated account creation with SSO + SCIM
Hi, I've set up automated account creation with SSO/SCIM in Azure. Works fine.
However, when a new user wants to log on with SSO in the TeamViewer client, he is asked to activate his account with his current TeamViewer password. Here's where the problem arises: the user doesn't have a password, and neither do I as an administrator.
How do I solve this issue? Is there a default password for all SCIM-created accounts? Or do I need to reset passwords for all accounts? (that takes away the whole benefit of automating)
Answers
-
Anyone?
0 -
Hi TeamViewer,
I am having the same issue: SSO + SCIM, and it auto-creates the user in TV but asks for a one-time password. Why? This negates the whole point of automating. What needs to be done to fix this? Any additional settings in the provisioning?
Please help, as we are stuck here.
Thanks
Kaif
0 -
For new accounts, the customer identifier must be specified in the user sync.
Please check the Optional Single Sign-On Attribute Mapping section of the following article to configure it correctly:
For updating existing accounts, please use the script I sent you via private message and proceed as follows:
- Rename the file from ".txt" back to ".ps1"
- Create an API token with the following permissions:
  User management: Create users, view users, edit users
- Please check how to create this token in our documentation here: TeamViewer API Documentation
- Open PowerShell and run the script with the command
.\Update-TeamViewerUserSso -ApiToken 'MyApiToken' -SsoCustomerId 'MyCustomerId' -EmailDomain 'example.test'
- Replace the placeholders "Apitoken", "CustomerId" and "example.test" with your own values
I hope that this could help! 🍀 If not, please keep us posted!
Community Manager
0 -
I was able to fix this with TeamViewer Support. The documentation is contradictory.
For SSO, the TeamViewer documentation refers to Microsoft: Tutorial: Configure TeamViewer for automatic user provisioning with Azure Active Directory | Microsoft Docs. There, Microsoft instructs you to use the Gallery App.
However, to implement SCIM, you should create a non-gallery app. This is only mentioned in the SCIM documentation, which is too late, because customers have already created the Gallery app at that point.
The gallery app is missing all the extra attributes, and there is no option to add them.
2 -
I have set up the SSO (with non-gallery app) and SCIM as mentioned in the link below.
The user is synced to TeamViewer successfully. Now when the user tries to log in to the TeamViewer full client, a message comes up saying login is successful, but then another message pops up saying "username and password you entered does not match" (both screenshots are below).
The SSO is not working and we are a bit disappointed. Are we supposed to create a one-time SSO password?
0 -
Update to this comment.
It worked. I had to switch to the new UI version of the TeamViewer full client, and SSO works perfectly. Then when I switch it back to the old UI, it still works.
I can't understand why it did not work the first time, and it's going to be a pain to instruct users to do this.
0