This article shows you how to configure SAML for the 15Five application in Teamstack.
Once this is done, your users will be able to access 15Five using Teamstack via SAML. Your users will use their Teamstack credentials when accessing 15Five.
Features:
15Five (SP) initiated Single Sign-On
Teamstack (IdP) initiated Single Sign-On
JIT (Just In Time) Provisioning
Set up SSO via SAML for 15Five
To set up SSO, you first need to add the 15Five app to Teamstack, assign it to yourself, and then configure 15Five SSO with the SAML metadata from Teamstack.
Step 1: Add 15Five app to Teamstack
1. Log in to 15Five with your administrator account.
2. In the top menu, click on "Company Setting" and select "Single Sign On" in the left sidebar.
3. Input your subdomain and click "Save". You will need this later.
4. Now go to your Applications in Teamstack.
5. Click "Add Application" in the top right corner.
6. Search for "15Five" and click "Add".
7. Select this app to be a "SAML" app and enter your subdomain in step 3 (Ex: myCompany.15five.com). Leave the "Relay State" input empty.
8. In the Organization's Applications overview, click on the newly created 15Five app. You will see all the details about this app.
9. Click on "Users" and assign this app to yourself. You will need this in order to test whether SAML is working correctly for 15Five.
10. Click on the "SAML Configurations" tab. Keep this page open; you will need these values when you configure the SAML settings in 15Five. You also need to download the metadata file by clicking on the "SAML Metadata" button.
Step 2: Set up SAML in 15Five
When you enable SSO in 15Five, you can configure whether users should still be able to log in via username and password and whether unknown users should be created on first login (Just In Time Provisioning).
1. Go back to the 15Five website.
2. Input your email as a "Contact Email".
3. Check "Automatically update metadata" and enter the URL from the "SAML Metadata URL" field (step 1.10).
4. Copy the content of the metadata XML file you downloaded in step 1.10 above into the "XML metadata" input.
5. Click "Save".
6. On the details tab, uncheck "Allow Password Sign In" if you want your users to be able to log in only via SAML.
7. Check "Allow Creation of New Users (JIT Provisioning)" if you want new users to be created automatically.
8. In the "Idp Entity ID" field, enter the value from "Issuer (IDP Entity ID)" in step 1.10 above.
9. In the "IdP Single Sign-On Service URL" field, enter the value from "Sign-in Page URL" in step 1.10 above.
10. In "Email attribute name", input "email".
11. In "First name attribute name", input "firstName".
12. In "Last name attribute name", input "lastName".
13. Click "Save".
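Before saving, the values typed into the "Idp Entity ID" and "IdP Single Sign-On Service URL" fields can be cross-checked against the metadata file from step 1.10. The script below is an added example, not Teamstack or 15Five code; it assumes the file is standard SAML 2.0 IdP metadata, and the sample document, host name and certificate in it are constructed placeholders.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}

# Constructed sample metadata: placeholder host and certificate, not real Teamstack values.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="https://idp.example.com/saml/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER
        CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example.com/saml/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def parse_idp_metadata(xml_text):
    """Return the entityID, SSO endpoints and signing certificates of an IdP metadata document."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != f"{{{MD}}}EntityDescriptor" or idp is None:
        raise ValueError("not SAML IdP metadata")
    sso = {s.get("Binding", "").rsplit(":", 1)[-1]: s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") != "encryption":  # no "use" attribute means signing and encryption
            certs += ["".join(c.text.split()) for c in kd.iter(f"{{{DS}}}X509Certificate") if c.text]
    return {"entity_id": root.get("entityID"), "sso_urls": sso, "signing_certs": certs}


def check_entered_values(meta, entity_id, sso_url):
    """List mismatches between the metadata and the values typed into the SP's SSO form."""
    problems = []
    if entity_id.strip() != meta["entity_id"]:
        problems.append("IdP Entity ID differs from metadata entityID")
    if sso_url.strip() not in meta["sso_urls"].values():
        problems.append("SSO URL is not a SingleSignOnService Location in the metadata")
    if not sso_url.strip().lower().startswith("https://"):
        problems.append("SSO URL is not HTTPS")
    if not meta["signing_certs"]:
        problems.append("metadata has no signing certificate")
    return problems


if __name__ == "__main__":
    meta = parse_idp_metadata(SAMPLE_METADATA)
    print(check_entered_values(meta, meta["entity_id"], "http://idp.example.com/saml/sso"))
```

An empty list from check_entered_values means the two fields agree with the metadata file; to check a real setup, pass the text of the downloaded file to parse_idp_metadata instead of the sample.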
Test:
You can now test the login from Teamstack to 15Five. You need to have the 15Five app assigned to yourself in Teamstack. To test the connection, do the following:
1. Open a new incognito window.
2. Log in to Teamstack.
3. Click on the 15Five app on your dashboard.
You will be redirected to 15Five and will be logged in without the need to enter a password at 15Five.
If you enabled Just In Time Provisioning during the setup, new users will be automatically provisioned in 15Five.