Configuring SSO with Azure AD

Single sign on (SSO) with Azure AD will allow users in your organization to sign in to TeamRetro using their existing AD login - no need to create a separate TeamRetro account.

  • In your Azure Active Directory dashboard, select "Enterprise Applications"
  • Click "New Application"
  • Select the "All" category, to see the "Add your own app" section
  • Click "Non-gallery application"
    (at the time of writing TeamRetro is not yet listed in the Azure Active Directory marketplace)
  • In the "Add your own application" pane, enter the application name "TeamRetro" and click "Add"
  • In the Quick start guide, follow the Azure instructions to "Assign a user for testing (required)". Note: there is no need to "Create your test user in TeamRetro". Accounts in TeamRetro are automatically provisioned on first sign in.
  • Click "Configure single sign-on"
  • In the Single sign-on pane, select Mode "SAML-based Sign-on"
  • Enter the TeamRetro service provider details into Azure AD. You can find these under "TeamRetro service provider (SP) settings" on the Single Sign On settings page. 
    • SP Entity ID (TeamRetro) > Identifier (Azure AD)
    • Login ACS Url > Reply URL (Azure AD)
  • Select "user.mail" as the "User Identifier"
  • Make sure to Save your changes
  • Download a copy of the Certificate (Base 64) in the "SAML Signing Certificate" section.
  • Click "Configure TeamRetro"
  • You'll be presented with your identity provider information that needs to be entered into TeamRetro. 
  • Back in TeamRetro, enter these details into the "Your identity provider (IdP) settings" section
    • SAML Single Sign-On Service URL (Azure AD) > Login URL (TeamRetro)
    • SAML Entity IDIDP Entity ID (TeamRetro)
    • Downloaded Certificate > Signing Certificate (TeamRetro)
  • Click SAVE CHANGES
  • Click TEST LOGIN
  • In a new window,You will be redirected to your identity provider to sign in. If you are redirected back to TeamRetro your configuration has succeed. If you encounter any errors or warnings; please contact  info@teamretro.com and we'll help you out.

What's Next

  • You will now be able to access TeamRetro along with your other Azure AD applications... no sign in required!
  • When you invite your team to join you in TeamRetro, they will be presented the option of signing in with your organization's SSO

Still need help? Contact Us Contact Us