Unable to configure Azure AD SSO with Teamviewer Tensor

Heiman
Heiman Posts: 1

I'm having issue configuring Azure AD SSO with Teamviewer Tensor for our tenant.

I've followed the documenation here (created an enterprise app with SAML SSO > Use the 2 values https://sso.teamviewer.com/saml/metadata and https://sso.teamviewer.com/saml/acs), export .xml and upload to Teamviewer after activating the domain).

https://community.teamviewer.com/t5/Knowledge-Base/Single-Sign-On-SSO/ta-p/30784#toc-hId-**Please do not post TeamViewer IDs**

After my domain is verified, when I go to the teamviewer login page and type in my Azure AD username, I get redirected to the following page. 

https://i.imgur.com/u2yqLZ9.png

I went through the remainder of the documentation and I see that Okta/ADFS/OneLogin all needs to be configured to return the secret customeridentifier, however that doesn't seem to be the case for Azure AD integration.

I've added an extra SAML token attribute for customeridentifier, with the namespace http://sso.teamviewer.com/saml/claims/customeridentifier but I don't think that is doing anything either.

https://i.imgur.com/UypjoZ9.png

Comments

  • danieljoos
    danieljoos Posts: 6 Staff member 🤠

    Hi,

    The knowledge base article is still missing this part.
    The customeridentifier needs to be configured for the AzureAD integration, as well.

    You therefore need to add a custom SAML Token attribute:

    1. On the settings page of the Single SIgn-On app in Azure AD,
      Check the "View and edit all other user attributes" checkbox to be able to add a new custom attribute.
    2. Add an attribute:
      • Name: customeridentifier
      • Value: <GENERATED> (e.g. the value you got during adding of the domain in the TeamViewer Management Console - but can be any generated string).
      • Namespace: http://sso.teamviewer.com/saml/claims
    3. Click "Save".

    Cheers,

    Daniel

    ---

    AAD_Attributes.pngAAD_EditAttribute.png