Okta Integration - SCIM Configuration - TeamViewer Support
<main>
<article class="userContent">
<p><br></p><h2 data-id="general">General</h2><div class="blockquote"><div class="blockquote-content"><p class="blockquote-line"><em>This article applies to TeamViewer customers with a </em><a href="https://www.teamviewer.com/en/teamviewer-tensor/" rel="nofollow noreferrer ugc"><em>Tensor license</em></a><em>.</em></p></div></div><p>With SCIM (System for Cross-domain Identity Management), it is possible to synchronize users from Okta to TeamViewer. It allows administrators to create, update and delete users within Okta and keep their TeamViewer accounts automatically updated within seconds.</p><p><br></p><h3></h3><h2 data-id="prerequisite">Prerequisite</h2><p>To be able to use this feature, you must meet the following requirements:</p><ul><li>a valid Tensor license for TeamViewer</li><li>TeamViewer Single Sign-On (SSO) via Okta has been configured successfully. </li></ul><p>Please refer to the setup instructions given on the TeamViewer Knowledge Base: <a href="https://community.teamviewer.com/English/kb/articles/30784-single-sign-on-sso" rel="nofollow noreferrer ugc">https://community.teamviewer.com/English/kb/articles/30784-single-sign-on-sso</a> and ensure to have the Application username format on the tab. Sign-On set to the value “Email” (see below)</p><div class="embedExternal embedImage display-large float-none">
<div class="embedExternal-content">
<a class="embedImage-link" href="https://us.v-cdn.net/6032394/uploads/B7SAG5KT4LL6/image.png" rel="nofollow noreferrer noopener ugc" target="_blank">
<img class="embedImage-img" src="https://us.v-cdn.net/6032394/uploads/B7SAG5KT4LL6/image.png" alt="image.png" height="374" width="653" loading="lazy" data-display-size="large" data-float="none"></img></a>
</div>
</div>
<p><br></p><ul><li>follow manual below to setup SCIM</li></ul><p><br></p><h3 data-id="-1"></h3><h2 data-id="manual">Manual</h2><h3 data-id="create-teamviewer-script-token">Create TeamViewer Script Token</h3><ul><li>Login to TeamViewer: <a href="https://login.teamviewer.com" rel="nofollow noreferrer ugc">https://login.teamviewer.com</a></li><li>Select <strong>Edit Profile </strong>and navigate to the <strong>Script Tokens </strong>section</li><li>Add a new script token with the rights "View, create and edit users" (optionally also admins)</li></ul><div class="embedExternal embedImage display-large float-none">
<div class="embedExternal-content">
<a class="embedImage-link" href="https://us.v-cdn.net/6032394/uploads/CLWCPCBRGAV9/image.png" rel="nofollow noreferrer noopener ugc" target="_blank">
<img class="embedImage-img" src="https://us.v-cdn.net/6032394/uploads/CLWCPCBRGAV9/image.png" alt="image.png" height="639" width="578" loading="lazy" data-display-size="large" data-float="none"></img></a>
</div>
</div>
<p><br></p><ul><li>More details about the TeamViewer SCIM API can be found here</li></ul><div class="js-embed embedResponsive" data-embedjson="{"body":"Technical description of the “System for Cross-domain Identity Management” API as implemented by TeamViewer","url":"https:\/\/teamviewer.github.io\/scim-api-docs\/","embedType":"link","name":"Introduction"}">
<a href="https://teamviewer.github.io/scim-api-docs/" rel="nofollow noreferrer ugc">
https://teamviewer.github.io/scim-api-docs/
</a>
</div><p><br></p><h3 data-id="configuration-steps">Configuration Steps</h3><p>Configure Provisioning for TeamViewer as follows:</p><h4 data-id="enable-scim-integration-in-okta">Enable SCIM integration in Okta</h4><p>1) Open your Okta portal and open the TeamViewer Okta app</p><p>2) Switch to the <strong>Provisioning</strong> tab and click on the <strong>Configure API Integration </strong>button</p><div class="embedExternal embedImage display-large float-none">
<div class="embedExternal-content">
<a class="embedImage-link" href="https://us.v-cdn.net/6032394/uploads/IBX71R4JVDAQ/image.png" rel="nofollow noreferrer noopener ugc" target="_blank">
<img class="embedImage-img" src="https://us.v-cdn.net/6032394/uploads/IBX71R4JVDAQ/image.png" alt="image.png" height="647" width="935" loading="lazy" data-display-size="large" data-float="none"></img></a>
</div>
</div>
<p>3) Tick the checkbox and enter the that has been created before</p><p>4) Click <strong>Test API Credentials</strong> to verify the token</p><p>5) Click <strong>Save</strong> to save the changes</p><p> </p><div class="embedExternal embedImage display-large float-none">
<div class="embedExternal-content">
<a class="embedImage-link" href="https://us.v-cdn.net/6032394/uploads/B2S0YHFH8B0P/image.png" rel="nofollow noreferrer noopener ugc" target="_blank">
<img class="embedImage-img" src="https://us.v-cdn.net/6032394/uploads/B2S0YHFH8B0P/image.png" alt="image.png" height="594" width="934" loading="lazy" data-display-size="large" data-float="none"></img></a>
</div>
</div>
<p><br></p><h4 data-id="configure-scim-integration-in-okta">Configure SCIM integration in Okta</h4><p>1) From the SETTINGS menu on the left, select To App and click Edit</p><p><br></p><p>2) Update User Attributes</p><ol><li>Deactivate Users</li><li>Create Users</li><li>Check Enable for the following supported features:</li></ol><p>3) Click Save</p><div class="embedExternal embedImage display-large float-none">
<div class="embedExternal-content">
<a class="embedImage-link" href="https://us.v-cdn.net/6032394/uploads/O36YI7SKFKV5/image.png" rel="nofollow noreferrer noopener ugc" target="_blank">
<img class="embedImage-img" src="https://us.v-cdn.net/6032394/uploads/O36YI7SKFKV5/image.png" alt="image.png" height="706" width="924" loading="lazy" data-display-size="large" data-float="none"></img></a>
</div>
</div>
<p><br></p><h4 data-id="start-assignment">Start assignment</h4><p>You can now assign users and groups to the TeamViewer Okta application.</p><p>During the assignment Okta will ask for a TeamViewer SSO Customer Identifier.</p><ul><li>Here, please enter the same value as configured in the Single Sign-On section. </li></ul><div class="embedExternal embedImage display-large float-none">
<div class="embedExternal-content">
<a class="embedImage-link" href="https://us.v-cdn.net/6032394/uploads/4QUIFXDLZTKJ/image.png" rel="nofollow noreferrer noopener ugc" target="_blank">
<img class="embedImage-img" src="https://us.v-cdn.net/6032394/uploads/4QUIFXDLZTKJ/image.png" alt="image.png" height="593" width="621" loading="lazy" data-display-size="large" data-float="none"></img></a>
</div>
</div>
<p><br></p><p>You are done with the configuration and can now start provisioning users</p><h2 data-id="known-issues-limitations">Known Issues & Limitations</h2><p>Provisioning in TeamViewer is based on the members of your TeamViewer Company. However, user email addresses need to be unique accross all TeamViewer</p><p>users (even ones that are not part of your TeamViewer Company). So the creation of new users through Okta Provisioning can fail if there is already a user registered in TeamViewer with the same email address, but is not part of your TeamViewer company.</p><p>In addition to the above point, removing a user from a TeamViewer Company via TeamViewer Management Console will not delete the user account. The Provisioning integration can therefore fail to re-create the user, as the account with the corresponding email address still exists.</p><p>Updating the userName / email of the user is not supported by the</p><ul><li>TeamViewer provisioning integration.</li></ul>
</article>
</main>