Configuring SSO with Azure AD
Single sign-on (SSO) with Azure AD allows users in your organization to sign in to TeamRetro using their existing AD login, with no need to create a separate TeamRetro account.
- In your Azure Active Directory dashboard, select ENTERPRISE APPLICATIONS
- Click New Application
- Click Create your own application
- When asked for the app name, type in "TeamRetro".
Then click on Create at the bottom. (At the time of writing, TeamRetro is not yet listed in the Azure Active Directory marketplace.)
In the Getting Started section, click on Assign users and groups. Note: there is no need to "Create your test user in TeamRetro". Accounts in TeamRetro are automatically provisioned on first sign in.
Click on Add user/group
Click on None Selected, select from the list of users (to test single sign-on), and click on Select
- Back at the Getting Started page, click Get started under Set up single sign on
- When selecting the single sign-on method, select SAML mode
- Once redirected to the Set up Single Sign-On with SAML page, edit the details as follows:
Enter the TeamRetro service provider details into Azure AD. You can find these under "TeamRetro service provider (SP) settings" on the Single Sign On settings page.
- SP Entity ID (TeamRetro) > Identifier (Azure AD)
- Login ACS Url > Reply URL (Azure AD)
- Click Save
- Then, edit the User Attributes & Claims fields to match the following:
For a full list of supported SAML attributes, please see TeamRetro Supported SAML Attributes.
Download a copy of the CERTIFICATE (BASE 64) in the SAML SIGNING CERTIFICATE section.
- You will need to configure the app before proceeding. Follow the instructions provided by Azure AD. Click View step-by-step instructions
- You'll be presented with your identity provider information that needs to be entered into TeamRetro.
- Back in TeamRetro, enter these details into the "IDENTITY PROVIDER (IDP) SETTINGS" section
- SAML SINGLE SIGN-ON SERVICE URL (Azure AD) > Login URL (TeamRetro)
- SAML ENTITY ID > IDP Entity ID (TeamRetro)
- DOWNLOADED CERTIFICATE > Signing Certificate (TeamRetro)
- Click SAVE CHANGES
- Click TEST LOGIN
- In a new window, you will be redirected to your identity provider to sign in. If you are redirected back to TeamRetro, your configuration has succeeded. If you encounter any errors or warnings, please contact email@example.com and we'll help you out.
- You will now be able to access TeamRetro along with your other Azure AD applications... no sign in required!
- When you invite your team to join you in TeamRetro, they will be presented the option of signing in with your organization's SSO.
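The three identity provider values entered into TeamRetro above (Login URL, IDP Entity ID, Signing Certificate) can be sanity-checked before clicking SAVE CHANGES. The following is an added example, not TeamRetro or Microsoft code. It assumes the global Azure cloud's URL formats (login.microsoftonline.com and sts.windows.net), and the function name, tenant GUID and certificate stub are constructed for illustration.

```python
import base64
import binascii
import hashlib
import re
from urllib.parse import urlparse

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def check_idp_settings(login_url, idp_entity_id, signing_cert_pem):
    """Return (problems, sha256_fingerprint) for the values typed into TeamRetro."""
    problems, fingerprint = [], None
    url = urlparse(login_url.strip())
    # Assumption: global Azure cloud formats, with the tenant GUID in both values.
    in_url = re.fullmatch(rf"/({GUID})/saml2/?", url.path)
    in_entity = re.fullmatch(rf"https://sts\.windows\.net/({GUID})/?",
                             idp_entity_id.strip())
    if url.scheme != "https" or url.hostname != "login.microsoftonline.com" or not in_url:
        problems.append("Login URL is not an https Azure AD SAML endpoint")
    if not in_entity:
        problems.append("IDP Entity ID is not an Azure AD identifier")
    if in_url and in_entity and in_url.group(1).lower() != in_entity.group(1).lower():
        problems.append("Login URL and IDP Entity ID belong to different tenants")
    if "PRIVATE KEY" in signing_cert_pem:
        problems.append("file contains a private key; only the certificate belongs here")
    bodies = PEM_CERT.findall(signing_cert_pem)
    if len(bodies) != 1:
        problems.append(f"expected one certificate, found {len(bodies)}")
        return problems, fingerprint
    try:
        der = base64.b64decode("".join(bodies[0].split()), validate=True)
    except binascii.Error:
        problems.append("certificate body is not valid Base64")
        return problems, fingerprint
    if not der.startswith(b"\x30"):  # DER certificates open with an ASN.1 SEQUENCE
        problems.append("decoded data is not DER (wrong download format?)")
    fingerprint = hashlib.sha256(der).hexdigest()
    return problems, fingerprint

# Constructed sample values: made-up tenant GUID, and a 5-byte ASN.1 stub
# standing in for the certificate (not a real certificate).
TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(b"\x30\x03\x02\x01\x01").decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(check_idp_settings(f"https://login.microsoftonline.com/{TENANT}/saml2",
                             f"https://sts.windows.net/{TENANT}/", SAMPLE_PEM))
```

Recording the returned fingerprint alongside the configuration makes a later change of the signing certificate easy to spot.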