Using SSO with our Group solution

This article will cover how you configure Single Sign-on (SSO) when using our Group solution.

Written by Evelina Lundmarck
Updated over a week ago

If you are using our Group solution, start by configuring Single Sign-on (SSO) on the parent account following these instructions: Using SSO with Teamtailor. The setup will be added to the connected child accounts too, so there is probably some additional setup you need to do. Let's look at them one by one:

Auto-join domains

The inherited settings include the SSO Auto-join domain(s). These are the domains used to identify which company account(s) a user should be signed in to when signing in via the Teamtailor general login page.

If you use domains other than the one automatically fetched (for example specific domains for specific child accounts), please reach out to your Customer Success Manager or our support via chat or at support@teamtailor.com, and we will help you configure it.

Please also reach out in case you would like support to add

Company mapping

Create new users on different company accounts with Company mapping

Please note that this must be configured by your CSM or our support at support@teamtailor.com 👋

By default, new users will be created on the parent account the first time they log in using SSO. To make sure users are created on, and thereby given access to, the correct Teamtailor account, we support User mapping.

Please see the table below to better understand the information requested when adding your mapping:

| Field | Description |
|---|---|
| Target company | The company account in Teamtailor that the user should be created on |
| Source key | The attribute provided by your Identity Provider (IdP) |
| Source value | The value or values provided by your Identity Provider (IdP) that will determine the Target company in Teamtailor |

It is also good to know that:

  • A source value can be connected to several Target companies to allow a user to be created on several accounts upon first login

  • Several source values can be connected to one Target company

  • Users can always be invited manually by Company Admins to be given access to certain accounts within the Group
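
A dry run of a planned mapping table against sample IdP attributes shows which accounts each user would be created on at first login and who would fall back to the parent account. This is an added illustration, not Teamtailor's code: the account names, attribute names and users are constructed, and exact case-sensitive matching, with a match replacing the parent default, is an assumption.

```python
from collections import defaultdict

PARENT = "Parent account"  # constructed account name

# Constructed mapping rows: (source key, source value, target company).
MAPPING = [
    ("department", "Recruiting-SE", "Child SE"),
    ("department", "Recruiting-Nordics", "Child SE"),  # several values, one target
    ("department", "Recruiting-UK", "Child UK"),
    ("department", "Group-HR", "Child SE"),            # one value, several targets
    ("department", "Group-HR", "Child UK"),
]

# Constructed sample of attributes the IdP would release per user.
SAMPLE_USERS = {
    "anna": {"department": ["Recruiting-SE"]},
    "ben": {"department": ["Group-HR"]},
    "cara": {"department": ["recruiting-uk"]},  # case differs from the mapping row
    "dan": {"title": ["Contractor"]},           # mapped attribute not released
}

def build_index(rows):
    """Index rows as {(source key, source value): {target companies}}."""
    index = defaultdict(set)
    for key, value, target in rows:
        index[(key, value)].add(target)
    return index

def resolve_targets(attributes, index, parent=PARENT):
    """Accounts a first-time SSO user would be created on."""
    # Assumption: exact, case-sensitive match; a match replaces the parent default.
    targets = set()
    for key, values in attributes.items():
        for value in values:
            targets |= index.get((key, value), set())
    return sorted(targets) if targets else [parent]

def dry_run(users, rows, parent=PARENT):
    """Return (placement per user, users who fall back to the parent)."""
    index = build_index(rows)
    placement = {u: resolve_targets(a, index, parent) for u, a in users.items()}
    fallback = sorted(u for u, t in placement.items() if t == [parent])
    return placement, fallback

if __name__ == "__main__":
    placement, fallback = dry_run(SAMPLE_USERS, MAPPING)
    for user, targets in placement.items():
        print(f"{user}: {', '.join(targets)}")
    print("Falls back to parent account:", ", ".join(fallback))
```

Users reported as falling back are the ones to review before sending the mapping to support, since they would receive an account on the parent rather than the intended child account.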

Additional SSO configurations

Configure additional SSO for company accounts within the Group

In some cases, one or several of the child accounts may have their own IdP or SSO setup that you would like them to use. In those cases, our support or your CSM will help you to configure the setup. In order to do so, please provide them with the following information:

  • Metadata-url

  • Metadata file

  • Auto-join domain(s)

Role mapping and Exclusion of individual users

As with the standard SSO solution for individual users, it is possible to add role mapping and exclude users from SSO.

It is important to note that to do this, SSO must be enforced on the parent account, not just added. This is because only enforced SSO settings will show on the child accounts.

For role mapping, the roles that you set on the parent account will carry over to the child accounts.

For the exclusion of users, it is possible to add users that are unique to each individual account.
