Overview: These directions show how to configure SAML settings for single sign-on from your institution's identity provider to Taskstream. Also attached are sample SAML configurations for the identity provider side, such as ADFS 2.0 and Stoneware.
Step 1: Obtain an authentication certificate from your identity provider (CER file).
Step 2: Login to Taskstream and navigate to the System Administration area and into the Single Sign-On page.
Step 3: Select to create a new SAML Connection.
Step 4: After providing the following items, you will be given your connection's unique ACS URL.
- SAML integration method: Either HTTP Redirect or HTTP POST.
- Error Notification Email: You may provide an email address for error notifications (optional).
- IdP URL: The login URL for your identity provider.
- Error URL: If no error URL is specified, the user will see a Taskstream error page whose message depends on the type of error (optional).
- Logout URL: If no URL is specified, the user will by default be logged out of Taskstream and redirected to the Taskstream.com site upon logout (optional).
- Metadata URL: Not implemented at this time (optional).
- Attribute bindings for First Name, Last Name, and Email (used to match a user account within Taskstream upon first SSO connection).
- CER Certificate file: Upload the certificate file obtained from your identity provider.
Step 5: Click Continue to view the confirmation screen, then click Confirm to create the new connection.
Step 6: Click the record for the SAML connection that you just created, and use the Entity ID and ACS URL provided in SAML Connection Details to complete the configuration within your identity provider.
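An added example, not part of the original article or Taskstream's own code: a pre-flight check that a decoded test SAML Response from your identity provider carries the ACS URL and Entity ID from Step 6 and the three bound attributes from Step 4. The URLs are placeholders, the ADFS-style claim names are assumed bindings, the sample response is constructed, and the check does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"  # ADFS-style names (assumed)
# Hypothetical placeholders: copy the real values from SAML Connection Details (Step 6)
EXPECTED = {
    "acs_url": "https://sp.example.invalid/acs/PLACEHOLDER",
    "entity_id": "https://sp.example.invalid/entity/PLACEHOLDER",
    "bindings": {"First Name": CLAIMS + "givenname", "Last Name": CLAIMS + "surname",
                 "Email": CLAIMS + "emailaddress"},
}

def preflight(response_xml, expected):
    """Return configuration problems found in a decoded SAML Response (no signature check)."""
    problems = []
    root = ET.fromstring(response_xml)
    if root.get("Destination") != expected["acs_url"]:
        problems.append("Destination does not match the ACS URL")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if expected["entity_id"] not in audiences:
        problems.append("Entity ID missing from AudienceRestriction")
    values = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        values[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    for field, name in expected["bindings"].items():
        if not values.get(name):  # absent, or present but empty
            problems.append(f"{field}: attribute {name} absent or empty")
    return problems

# Constructed sample, not a real IdP response; the Last Name claim is deliberately missing.
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="{EXPECTED['acs_url']}">
  <saml:Assertion>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{EXPECTED['entity_id']}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="{CLAIMS}givenname">
        <saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="{CLAIMS}emailaddress">
        <saml:AttributeValue>ada@example.invalid</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    for problem in preflight(SAMPLE, EXPECTED) or ["no problems found"]:
        print(problem)
```

Run it against a response captured from a test login in your own environment; a missing or empty bound attribute is the kind of mismatch that prevents the first-connection account match described in Step 4.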
Note: The Taskstream SAML solution does not automatically create new Taskstream accounts for a new user when they click the link from your portal/website. You must provision the Taskstream accounts for any new users beforehand. Please refer to the article below for the method to provision Taskstream accounts:
TS - Creating Accounts in TSDE
If a new user clicks the link and does not have an existing Taskstream account to match against, the user will see an error message stating they do not have a Taskstream account and to contact their administrator.