Configuring SSO with Azure AD
Single sign-on (SSO) with Azure AD allows users in your organization to sign in to TeamRetro using their existing AD login, with no need to create a separate TeamRetro account.
In your Azure Active Directory dashboard, select ENTERPRISE APPLICATIONS
Click New Application
Click Create your own application
When asked for the app name, type in "TeamRetro" as below:
Then click Create at the bottom. (At the time of writing, TeamRetro is not yet listed in the Azure Active Directory marketplace.)
In the Getting Started section, click on Assign users and groups. Note: there is no need to "Create your test user in TeamRetro". Accounts in TeamRetro are automatically provisioned on first sign in.
Click on Add user/group
Click on None Selected and select from the list of users (to test single sign-on) and click on Select
Back at the Getting Started page, click Get started under Set up single sign on
When prompted to select the single sign-on method, select the SAML mode
Once redirected to the Set up Single Sign-On with SAML page, edit the details as follows:
Enter the TeamRetro service provider details into Azure AD. You can find these under "TeamRetro service provider (SP) settings" on the Single Sign On settings page.
- SP Entity ID (TeamRetro) > Identifier (Azure AD)
- Login ACS Url > Reply URL (Azure AD)
Then, edit the user Attributes & Claims fields to match the following:
For a full list of supported SAML attributes, please see TeamRetro Supported SAML Attributes.
Download the Federation Metadata XML file and save it locally; you will need it later.
Back in TeamRetro, click on UPLOAD METADATA and upload the XML file you just downloaded
- Toggle on ENABLED
- Click SAVE CHANGES
- Click TEST
- In a new window, you will be redirected to your identity provider to sign in. If you are redirected back to TeamRetro, your configuration has succeeded. If you encounter any errors or warnings, please contact email@example.com and we'll help you out.
- You will now be able to access TeamRetro along with your other Azure AD applications... no sign in required!
- When you invite your team to join you in TeamRetro, they will be presented with the option of signing in with your organization's SSO.