Configuring SSO with Azure AD

You need to be an account OWNER to make the changes.

Single sign on (SSO) with Azure AD will allow users in your organization to sign in to TeamRetro using their existing AD login - no need to create a separate TeamRetro account.


  1. Log in to TeamRetro and select the SETTINGS —> SSO tab.


  1. Select ADD IDENTITY PROVIDER.


You will be presented with your TeamRetro service provider (SP) settings

Leave this window open for the moment - we'll need this information to complete the configuration of the TeamRetro app in Azure AD.

  1. In your Azure Active Directory dashboard, select ENTERPRISE APPLICATIONS.

  2. Click New Application.


  3. Click Create your own application.



  4. When asked for the app name, type in "TeamRetro" as below:


  5. Then click on Create at the bottom. (at the time of writing TeamRetro is not yet listed in the Azure Active Directory marketplace).


  6. In the Getting Started section, click on Assign users and groups. Note: there is no need to "Create your test user in TeamRetro". Accounts in TeamRetro are automatically provisioned on first sign in.

  7. Click on Add user/group.

  8. Click on None Selected and select from the list of users (to test single sign-on) and click on Select.


  9. Back at the Getting Started page, Click Get started under Set up single sign on.


  10. Select mode SAML.

  11. Once redirected to the Set up Single Sign-On with SAML page, edit the details as follows:

    Enter the TeamRetro service provider details into Azure AD. You can find these under "TeamRetro service provider (SP) settings" on the Single Sign On settings page. 

    • SP Entity ID (TeamRetro) > Identifier (Azure AD)
    • Login ACS Url > Reply URL (Azure AD)

  1. Click Save.

  1. Then, edit the user Attributes & Claims fields to match the following:

For a full list of supported SAML attributes please see TeamRetro Supported SAML Attributes


  1. Download the Federation Metadata XML file and save it locally, you will need it later.

  1. Back in TeamRetro, click on UPLOAD METADATA and upload the XML file you had just downloaded

  1. Toggle on ENABLED.
  2. Click SAVE CHANGES.
  3. Click TEST.
  4. In a new window, you will be redirected to your identity provider to sign in. If you are redirected back to TeamRetro your configuration has succeeded. If you encounter any errors or warnings; please contact  info@teamretro.com and we'll help you out.

What's Next

  • You will now be able to access TeamRetro along with your other Azure AD applications... no sign in required!
  • When you invite your team to join you in TeamRetro, they will be presented the option of signing in with your organization's SSO.

Still need help? Contact Us Contact Us

Related Articles