Password after automated account creation with SSO + SCIM

CW_Alias Posts: 4 ✭✭
edited September 2021 in TeamViewer Tensor

Hi, I've set up automated account creation with SSO/SCIM in Azure. Works fine.

However, when a new user wants to log on with SSO in the TeamViewer client, he is asked to activate his account with his current TeamViewer password. Here's where the problem arises: the user doesn't have a password, neither do I as an administrator.

How do I solve this issue? Is there a default password for all SCIM-created accounts? Or do I need to reset passwords for all accounts? (that takes away the whole benefit of automating)

Answers

  • CW_Alias
    CW_Alias Posts: 4 ✭✭

    Anyone?

  • mkaif22
    mkaif22 Posts: 9 ✭✭

    Hi TeamViewer,

    I am having the same issue: SSO + SCIM, and it auto-creates the user in TV but asks for a one-time password. Why? This negates the whole point of automating. What needs to be done to fix this, any additional settings in the provisioning?

    Please help, as we are stuck here.

    Thanks

    Kaif

  • JeanK
    JeanK Posts: 6,989 Community Manager 🌍

    Hello @CW_Alias and @mkaif22,

    For new accounts, the customer identifier must be specified in the user sync.

    Please check the Optional Single Sign-On Attribute Mapping section of the following article to configure it correctly:

    For updating existing accounts, please use the script I sent you via private message and proceed as follows:

    1. Rename the file from ".txt" back to ".ps1"
    2. Create an API token with the following permissions: User management: Create users, view users, edit users
    3. Open PowerShell and run the script with the command .\Update-TeamViewerUserSso -ApiToken 'MyApiToken' -SsoCustomerId 'MyCustomerId' -EmailDomain 'example.test'
    4. Replace the placeholders "Apitoken", "CustomerId" and "example.test" with your own values

    I hope that this could help! 🍀 If not, please keep us posted!

    Community Manager

  • JeanK
    JeanK Posts: 6,989 Community Manager 🌍

    @CW_Alias @mkaif22

    Could you already test the script that I sent you?

    I would really like to know if it worked out for you guys or if you still need some help. 😊

    Community Manager

  • CW_Alias
    CW_Alias Posts: 4 ✭✭

    @JeanK

    I was able to fix this with TeamViewer Support. The documentation is contradictory.

    For SSO, TeamViewer documentation refers to Microsoft: Tutorial: Configure TeamViewer for automatic user provisioning with Azure Active Directory | Microsoft Docs. There, Microsoft instructs to use the Gallery App.

    However, to implement SCIM, you should create a non-gallery app. This is only told in the SCIM documentation. Which is too late, because customers have already created the Gallery app at that point.

    The gallery app is missing all the extra attributes. No option to add them.

  • JeanK
    JeanK Posts: 6,989 Community Manager 🌍

    Hello @CW_Alias,

    Thanks a lot for the update and the feedback regarding the documentation.

    We will have a look at it and adjust it if needed. 💯

    All the best,

    JeanK

    Community Manager

  • mkaif2215
    mkaif2215 Posts: 2 ✭✭

    I have set up the SSO (with non-gallery app) and SCIM as mentioned in the link below.

    The user is synced to TeamViewer successfully. Now when the user tries to log in to the TeamViewer full client, a message comes up saying login is successful, but then another message pops up saying "username and password you entered does not match" (both screenshots are below)



    The SSO is not working and we are a bit disappointed. Are we supposed to create a one-time SSO password?

  • mkaif2215
    mkaif2215 Posts: 2 ✭✭
    edited August 2023

    Update to this comment.

    It worked, I had to switch to the new UI version of TeamViewer full client and SSO works perfectly. Then when I switch it back to the old UI it still works.

    Can't understand why it did not work the first time, and it's going to be a pain to instruct users to do this.