This article shows you how to configure SAML for the ScreenSteps application in Teamstack.
Once this is done, your users will be able to access ScreenSteps using Teamstack via SAML. Your users will use their Teamstack credentials when accessing ScreenSteps.
Features:
ScreenSteps (SP) initiated Single Sign-On
Teamstack (IdP) initiated Single Sign-On
JIT (Just In Time) Provisioning
Set up SSO via SAML for ScreenSteps
To set up SSO, you first need to add the ScreenSteps app to Teamstack, assign it to yourself, and then configure ScreenSteps SSO with the SAML metadata from Teamstack.
Step 1: Add ScreenSteps app to Teamstack
1. Log in to ScreenSteps with your administrator account.
2. Select Settings -> Single Sign-on -> Configure SSO.
3. Enter the title that you want and click "Create".
4. Reload the website to see the "Edit Single Sign-on Endpoint" page (that's a bug).
5. Scroll down and copy the value from the "SAML Consumer URL" field.
6. Now go to your Applications in Teamstack.
7. Click "Add Application" in the top right corner.
8. Search for "ScreenSteps" and click "Add".
9. Select this app to be a "SAML" app, enter your ScreenSteps SAML Consumer URL, and leave the "Relay State" input empty.
10. In the Organization's Applications overview, click on the newly created ScreenSteps app. You will see all the details about this app.
11. Click on "Users" and assign this app to yourself. You will need this in order to test whether SAML is working correctly for ScreenSteps.
12. Click on the "SAML Configurations" tab. Download the certificate by clicking on the "SAML Metadata" button. Keep this page open; you will need these values when you configure the SAML settings in ScreenSteps.
Step 2: Set up SAML in ScreenSteps
When you enable SSO in ScreenSteps, users that do not yet exist in ScreenSteps but exist in Teamstack will be created in ScreenSteps automatically (Just In Time Provisioning). During the setup, you will have the option to specify the default ScreenSteps role for newly created users.
1. Go to the ScreenSteps SAML settings page.
2. Click "Upload new SAML Certificate file" and select the file that you downloaded in step 1.12 above.
3. Copy the value from "Sign-in Page URL" in Teamstack and paste it into the "Remote Login URL" input.
4. Use https://app.teamstack.com/dashboard in the "Log out URL" input.
5. You can also select a default role for new users created using SAML.
6. Check "Active".
7. Click "Update".
Test:
You can now test the login from Teamstack to ScreenSteps. You need to have ScreenSteps assigned to yourself in Teamstack. To test the connection, do the following:
1. Open a new incognito window.
2. Log in to Teamstack.
3. Click on the ScreenSteps app on your dashboard.
You will be redirected to ScreenSteps and will be logged in without the need to enter a password at ScreenSteps.
When a user logs in from Teamstack and the email address of this user is not known at ScreenSteps, a new account will be created in ScreenSteps with the default role that you specified during the SAML setup in ScreenSteps.