If you are using our Group solution, first configure Single Sign-on (SSO) on the parent account by following these instructions: Using SSO with Teamtailor. The setup will be added to the connected child accounts too, so there is probably some additional setup you need to do. Let's look at each item one by one:
Company mapping (configured via your CSM or support@teamtailor.com)
Auto-join domains
The inherited settings include the SSO Auto-join domain(s). These are the domains used to identify which company account(s) a user should be signed in to when signing in via the Teamtailor general login page.
If you use domains other than the one automatically fetched (for example, specific domains for specific child accounts), please reach out to your Customer Success Manager or our support via chat or at support@teamtailor.com, and we will help you configure it.
Please also reach out in case you would like support to add
Company mapping
Create new users on different company accounts with Company mapping
Please note that this must be configured by your CSM or our support at support@teamtailor.com 👋
By default, new users will be created on the parent account the first time they log in using SSO. To make sure users are created on, and thereby given access to, the correct Teamtailor account, we support User mapping.
Please see the table below to better understand the information requested when adding your mapping:
Target company | The company account in Teamtailor that the user should be created on |
Source key | The attribute provided by your Identity Provider (IdP) |
Source value | The value or values provided by your Identity Provider (IdP) that will determine the Target company in Teamtailor |
It is also good to know that:
A source value can be connected to several Target companies to allow a user to be created on several accounts upon first login
Several source values can be connected to one Target company
Users can always be invited manually by Company Admins to be given access to certain accounts within the Group
Additional SSO configurations
Configure additional SSO for company accounts within the Group
In some cases, one or several of the child accounts may have their own IdP or SSO setup that you would like them to use. In those cases, our support or your CSM will help you to configure the setup. In order to do so, please provide them with the following information:
Metadata-url
Metadata file
Auto-join domain(s)
Role mapping and Exclusion of individual users
As with the standard SSO solution for individual users, it is possible to add role mapping and exclude users from SSO.
It is important to note that to do this, SSO must be enforced on the parent account, not just added. This is because only enforced SSO settings will show on the child accounts.
For role mapping, the roles that you set on the parent account will carry over to the child accounts.
For the exclusion of users, it is possible to add users that are unique to each individual account.