Configuring SSO with OKTA

Single sign on (SSO) with OKTA will allow users in your organization to sign in to TeamRetro using their existing OKTA account - no need to create a separate TeamRetro account.

Requirements

  • You must be an admin in your TeamRetro organization
  • You must be an admin in OKTA

Setup Instructions

1. Open Single Sign on Settings in TeamRetro

  • Open TeamRetro
  • Browse to your Organization page
  • Select the Settings tab
  • Select Single Sign On from the admin menu
  • Select Add SAML Identity Provider
  • You will be presented with your TeamRetro service provider (SP) settings
  • Leave this window open for the moment - we'll need this information to complete configuration of the TeamRetro app in OKTA.

2. Configure Single Sign On in OKTA

  • In your OKTA admin dashboard, select Add Application
  • Click the Create New App button
  • In the "Create a New Application Integration" dialog:
    • Select "Platform": Web
    • Select "Sign on method": SAML 2.0
  • Click Create
  • On the Create SAML IntegrationGeneral Settings screen
    • Enter "App name": TeamRetro
    • Upload the TeamRetro logo (you can download the one below)
    • Click Next
  • On the Create SAML Integration, Configure SAML screen, complete the GENERAL form
    • Single sign on URL: [copy the ACS URL from the TeamRetro tab]
    • Check "Use this for Recipient URL and Destination URL"
    • Audience URI (SP Entity ID): [copy the SP Entity Id from the TeamRetro tab]
    • Select "Name ID format": EmailAddress
    • Select "Application username": Email
  • In the "Attribute Statements (Optional)" section, add the following entries
    • firstName [Unspecified] user.firstName
    • lastName [Unspecified] user.lastName
    • email [Unspecified] user.email
  • On the "Create SAML Integration - Feedback" page
    • Click Next
  • On the OKTA TeamRetro Application Configuration page
    • Right click Identity Provider metadata and select Save Link As... to download your IdP metadata to your computer - you'll need this in a moment. Save the file as okta-idp-metadata.xml

3. Configuring Single Sign On in TeamRetro

Back in  TeamRetro, it's time to add your OKTA Identity Provider (IdP) details.

  • Under "Identity provider settings (IdP)", click "Upload Metadata"
  • Find and open the "okta-idp-metadata.xml" file you downloaded from OKTA a few minutes ago. If successful, the "IDP ENTITY ID", "LOGIN URL", and "SIGNING CERTIFICATE" fields should be automatically be populate
  • Toggle the identity provider to ENABLED
  • Click SAVE CHANGES
  • Click TEST LOGIN
  • In a new window,You will be redirected to your identity provider to sign in. If you are redirected back to TeamRetro your configuration has succeed. If you encounter any errors or warnings; please contact  info@teamretro.com and we'll help you out.

What's Next

  • You will now be able to access TeamRetro along with your other OKTA applications... no sign in required!
  • When you invite your team to join you in TeamRetro, they will be presented the option of signing in with your organization's SSO

Still need help? Contact Us Contact Us