Configuring SSO with Azure AD
Single sign-on (SSO) with Azure AD allows users in your organization to sign in to TeamRetro using their existing AD login, with no need to create a separate TeamRetro account.
- In your Azure Active Directory dashboard, select ENTERPRISE APPLICATIONS
- Click New Application
- Select the ALL category, to see the "Add your own app" section
- Click NON-GALLERY APPLICATION
(at the time of writing TeamRetro is not yet listed in the Azure Active Directory marketplace)
- In the ADD YOUR OWN APPLICATION pane, enter the application name TeamRetro and click ADD
- In the Quickstart guide, follow the Azure instructions to ASSIGN A USER FOR TESTING (REQUIRED). Note: there is no need to "Create your test user in TeamRetro". Accounts in TeamRetro are automatically provisioned on first sign in.
- Click CONFIGURE SINGLE SIGN-ON
- In the Single sign-on pane, select Mode SAML-BASED SIGN-ON
- Enter the TeamRetro service provider details into Azure AD. You can find these under "TeamRetro service provider (SP) settings" on the Single Sign On settings page.
  - SP Entity ID (TeamRetro) > Identifier (Azure AD)
  - Login ACS Url (TeamRetro) > Reply URL (Azure AD)
- Select USER.MAIL as the "User Identifier". For a full list of supported SAML attributes, please see TeamRetro Supported SAML Attributes.
- Make sure to SAVE your changes.
- Download a copy of the CERTIFICATE (BASE 64) in the SAML SIGNING CERTIFICATE section.
- Click CONFIGURE TEAMRETRO
- You'll be presented with your identity provider information that needs to be entered into TeamRetro.
- Back in TeamRetro, enter these details into the "IDENTITY PROVIDER (IDP) SETTINGS" section
  - SAML SINGLE SIGN-ON SERVICE URL (Azure AD) > Login URL (TeamRetro)
  - SAML ENTITY ID (Azure AD) > IDP Entity ID (TeamRetro)
  - DOWNLOADED CERTIFICATE (Azure AD) > Signing Certificate (TeamRetro)
- Click SAVE CHANGES
- Click TEST LOGIN
- In a new window, you will be redirected to your identity provider to sign in. If you are redirected back to TeamRetro, your configuration has succeeded. If you encounter any errors or warnings, please contact firstname.lastname@example.org and we'll help you out.
- You will now be able to access TeamRetro along with your other Azure AD applications... no sign in required!
- When you invite your team to join you in TeamRetro, they will be presented with the option of signing in with your organization's SSO.
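
Before the downloaded CERTIFICATE (BASE 64) is entered as the Signing Certificate, its thumbprint and validity window can be checked locally; the SHA-1 thumbprint can be compared with the one Azure AD shows for the SAML signing certificate. This is an added example, not TeamRetro or Microsoft code; the function names are hypothetical and the embedded sample is a constructed certificate-shaped skeleton, not a real certificate.

```python
import base64, hashlib, re
from datetime import datetime, timezone

def pem_to_der(text):
    """Decode the Base64 download, with or without BEGIN/END CERTIFICATE lines."""
    return base64.b64decode(re.sub(r"-----[A-Z ]+-----|\s+", "", text), validate=True)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def validity(der):
    """Walk Certificate -> tbsCertificate -> validity; return (notBefore, notAfter)."""
    _, p, _ = read_tlv(der, 0)              # Certificate SEQUENCE
    _, p, _ = read_tlv(der, p)              # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(der, p)
    if tag == 0xA0:                         # optional [0] version
        p = end
    for _field in range(3):                 # skip serialNumber, signature, issuer
        p = read_tlv(der, p)[2]
    _, p, end = read_tlv(der, p)            # validity SEQUENCE
    times = []
    while p < end:
        tag, s, p = read_tlv(der, p)
        fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"  # UTCTime / GeneralizedTime
        times.append(datetime.strptime(der[s:p].decode("ascii"), fmt).replace(tzinfo=timezone.utc))
    return times[0], times[1]

def check_signing_cert(text, now=None):
    """Thumbprint and validity window of the cert, checked before it goes into TeamRetro."""
    der = pem_to_der(text)
    not_before, not_after = validity(der)
    now = now or datetime.now(timezone.utc)
    return {"sha1_thumbprint": hashlib.sha1(der).hexdigest().upper(),
            "not_after": not_after,
            "valid_now": not_before <= now <= not_after,
            "days_left": (not_after - now).days}

# Constructed sample (no real key or signature); pass the text of the downloaded file instead.
def _tlv(tag, value):
    return bytes([tag, len(value)]) + value  # short-form lengths only (< 128 bytes)
_tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01") + _tlv(0x30, b"")
            + _tlv(0x30, b"") + _tlv(0x30, _tlv(0x17, b"240101000000Z") + _tlv(0x17, b"270101000000Z")))
SAMPLE = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(
    _tlv(0x30, _tbs + _tlv(0x30, b"") + _tlv(0x03, b"\x00"))).decode()
```

A low `days_left` value is worth noting at setup time, since sign-in through SSO depends on the certificate stored in TeamRetro matching the one Azure AD signs with.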