Configuring SSO with Azure AD
Single sign-on (SSO) with Azure AD allows users in your organization to sign in to TeamRetro using their existing AD login, with no need to create a separate TeamRetro account.
- In your Azure Active Directory dashboard, select "Enterprise Applications"
- Click "New Application"
- Select the "All" category, to see the "Add your own app" section
- Click "Non-gallery application"
(at the time of writing TeamRetro is not yet listed in the Azure Active Directory marketplace)
- In the "Add your own application" pane, enter the application name "TeamRetro" and click "Add"
- In the Quick start guide, follow the Azure instructions to "Assign a user for testing (required)". Note: there is no need to "Create your test user in TeamRetro". Accounts in TeamRetro are automatically provisioned on first sign in.
- Click "Configure single sign-on"
- In the Single sign-on pane, select Mode "SAML-based Sign-on"
- Enter the TeamRetro service provider details into Azure AD. You can find these under "TeamRetro service provider (SP) settings" on the Single Sign On settings page.
  - SP Entity ID (TeamRetro) > Identifier (Azure AD)
  - Login ACS Url > Reply URL (Azure AD)
- Select "user.mail" as the "User Identifier"
- Make sure to Save your changes
- Download a copy of the Certificate (Base 64) in the "SAML Signing Certificate" section.
- Click "Configure TeamRetro"
- You'll be presented with your identity provider information that needs to be entered into TeamRetro.
- Back in TeamRetro, enter these details into the "Your identity provider (IdP) settings" section
  - SAML Single Sign-On Service URL (Azure AD) > Login URL (TeamRetro)
  - SAML Entity ID > IDP Entity ID (TeamRetro)
  - Downloaded Certificate > Signing Certificate (TeamRetro)
- Click SAVE CHANGES
- Click TEST LOGIN
- In a new window, you will be redirected to your identity provider to sign in. If you are redirected back to TeamRetro, your configuration has succeeded. If you encounter any errors or warnings, please contact firstname.lastname@example.org and we'll help you out.
- You will now be able to access TeamRetro along with your other Azure AD applications... no sign in required!
- When you invite your team to join you in TeamRetro, they will be presented with the option of signing in with your organization's SSO
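
If TEST LOGIN fails, the usual cause is a value copied into the wrong field. The following is an added example, not part of the original guide or TeamRetro's own code: it decodes a base64 `SAMLResponse` captured from the test login and compares it with the values mapped in the steps above. The URLs, the function names and the sample response are constructed placeholders, and it assumes an unencrypted assertion.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholder values, not real TeamRetro or Azure AD settings.
SP_ENTITY_ID = "https://sp.example.com/saml/metadata"
ACS_URL = "https://sp.example.com/saml/acs"
IDP_ENTITY_ID = "https://idp.example.com/tenant-placeholder/"

def sample_response(audience=SP_ENTITY_ID, name_id="alice@example.com"):
    """Build a constructed SAMLResponse (base64) with an empty placeholder Signature."""
    xml = (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'xmlns:ds="{NS["ds"]}" Destination="{ACS_URL}">'
        f'<saml:Assertion><saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer><ds:Signature/>'
        f'<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>'
        f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}'
        f'</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
        f'</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

def check_response(b64, sp_entity_id, acs_url, idp_entity_id):
    """Return the settings that disagree with a captured SAMLResponse."""
    root = ET.fromstring(base64.b64decode(b64))

    def text(path):
        node = root.find(path, NS)
        return (node.text or "").strip() if node is not None else ""

    problems = []
    if root.get("Destination") != acs_url:            # Reply URL (Azure AD)
        problems.append("Reply URL != Login ACS Url")
    if text("saml:Assertion/saml:Issuer") != idp_entity_id:
        problems.append("Issuer != IDP Entity ID")
    if text(".//saml:Audience") != sp_entity_id:      # Identifier (Azure AD)
        problems.append("Identifier != SP Entity ID")
    if "@" not in text(".//saml:NameID"):             # User Identifier
        problems.append("NameID is not an email; check User Identifier is user.mail")
    if root.find(".//ds:Signature", NS) is None:      # presence only
        problems.append("no Signature element in the response")
    return problems

if __name__ == "__main__":
    print(check_response(sample_response(), SP_ENTITY_ID, ACS_URL, IDP_ENTITY_ID))
    print(check_response(sample_response(name_id="a1b2c3"), SP_ENTITY_ID, ACS_URL, IDP_ENTITY_ID))
```

The check only compares fields and notes whether a signature element is present; it does not verify the signature against the downloaded certificate.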