azure ad - SSO problem

mathiasc
mathiasc Posts: 1

hello, we currently have a corporate license with our company.

i am now trying to configure SSO with azure AD according to this guide:

https://community.teamviewer.com/t5/Knowledge-Base-EN/Single-Sign-On-with-Azure-Active-Directory/ta-p/60209

but when i log in to the management console i do not see the "single sign on" menu/section.

Do we need the tensor license before the "single sign on" menu/section comes active?

Tagged:

Comments

  • JeanK
    JeanK Posts: 6,973 Community Manager 🌍

    Hello @mathiasc,

    Thank you for your message and welcome to the TeamViewer Community! ?

    Correct, as stated in the article, you need a Tensor license to use the SSO functionality.

    If you have questions regarding SSO, feel free to ask them here! ?

    Best regards

    Jean

    Community Manager

  • mkaif22
    mkaif22 Posts: 9 ✭✭

    Hi.

    I have teamviewer Tensor and have configured SSO and SCIM for autoprovisioning. The user accounts get created in TV but when the users try to login it prompts for one time password to activate SSO. This negates the purpose of auto provisioning if an admin has to create the one time password for all SSO users created in TV. What is missing here as I can't find any blogs providing a fix.

    We need your help urgently.

    Kaif

  • JeanK
    JeanK Posts: 6,973 Community Manager 🌍
    edited October 2021

    Hello @mkaif22,

    For new accounts, the customer identifier must be specified in the user sync.

    Please check the Optional Single Sign-On Attribute Mapping section of the following article to configure it correctly:

    For updating existing accounts, please use the script I sent you via private message and proceed as follows:

    1. Rename the File from ".txt" back to ".ps1"
    2. Create an API Token with the following permissions: User management: Create users, view users, edit users
    3. Open PowerShell and run the Script with the Command .\Update-TeamViewerUserSso -ApiToken 'MyApiToken' -SsoCustomerId 'MyCustomerId' -EmailDomain 'example.test'
    4. Replace the Placeholder "Apitoken", "CustomerId" and "example.test" with your own values

    I hope that this could help! 🍀 If not, please keep us posted!

    Community Manager