The inclusion list for SSO allows you to customize Single Sign-On (SSO) activation by selectively enabling it for specific users or user groups within your organization. This feature helps with a smoother onboarding process by facilitating a controlled test roll-out to a smaller group before implementing SSO across your entire organization. Depending on the company's structure and license setup, the inclusion list can streamline SSO activation by focusing on relevant user groups or email addresses, avoiding the need to exclude the majority of the company’s employees.
This article applies to all TeamViewer Tensor license holders.
To set up the inclusion list for SSO, please follow the instructions below:
SSO will only be activated for the users you have added to the inclusion list.
To ensure that SSO can help your organization prevent any unsupervised TeamViewer usage (aka “‘Shadow IT”), you will need to enable SSO globally for your domain once your testing is complete.
So, once you are done with your tests, make sure to deactivate the inclusion list by clicking the toggle again.
Hint: When SSO is enabled for all accounts, we recommend adding one or more "break-glass" accounts to the SSO exclusion list as a fallback in case of SSO issues. Learn more here.
To understand how the inclusion list for SSO works, please follow the instructions below:
When the inclusion list is enabled:
When the inclusion list is deactivated:
Errors will occur if an attempt is made to include a user on both lists simultaneously. Make sure to remove users from one list before adding them to another.
There is no check if an email from the inclusion list is also included in a user group on the exclusion list or vice versa. Please keep this in mind when setting up the inclusion list in combination with user groups on the exclusion list.