Configuring SSO with OneLogin

Single sign-on (SSO) with OneLogin allows users in your organization to sign in to TeamRetro using their existing OneLogin account, with no need to create a separate TeamRetro account.


Requirements

You must be an Account OWNER in your TeamRetro instance.

You must be an admin in OneLogin.

Setup Instructions

Open Single Sign on Settings in TeamRetro

  1. Open TeamRetro.
  2. Select the SETTINGS tab.

  3. Select SSO from the admin menu.


  4. Select ADD IDENTITY PROVIDER.


  5. You will be presented with your TeamRetro service provider (SP) settings.

  6. Leave this window open for the moment - we'll need this information to complete the configuration of the TeamRetro app in OneLogin.

Configure Application in OneLogin


  1. Open the OneLogin dashboard in a new tab or window.
  2. In your OneLogin admin dashboard, select APPLICATIONS -> APPLICATIONS.

  3. Search for "SAML Test" and select SAML Custom Connector (Advanced).

  4. On the Configuration screen:
    • Enter DISPLAY NAME: TeamRetro
    • Enter DESCRIPTION: Online agile retrospective meetings for distributed teams
    • Upload the TeamRetro logos (you can download the ones below)



    • Click Save.

  5. On the Configuration tab: 
    • Enter the following values:
      • Audience: [copy the SP Entity ID from the TeamRetro tab]
      • ACS (Consumer) URL Validator: ^https:\/\/sso\.teamretro\.com\/[a-z0-9]{22}\/saml\/(samlLoginConsume|samlLogoutConsume)$
      • ACS (Consumer) URL: [copy the Login ACS Url from the TeamRetro tab]


      • Click Save.


  6. Switch to the PARAMETERS tab.
  7. Add the following fields:
  8. Click SAVE.

  9. Switch to the SSO tab and download the IdP metadata file (MORE ACTIONS > SAML METADATA). You'll need this in a moment.
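
The ACS (Consumer) URL Validator entered in step 5 is a regular expression, and its ^ and $ anchors and escaped dots are what keep it tight. The following added example (not part of the TeamRetro or OneLogin documentation) runs that pattern and a hypothetical loosened variant over constructed URLs. The 22-character ID, the test URLs, and the assumption that the pattern behaves as it does in Python's regex engine are illustrative.

```python
import re

# Validator exactly as given in step 5 above.
STRICT = r"^https:\/\/sso\.teamretro\.com\/[a-z0-9]{22}\/saml\/(samlLoginConsume|samlLogoutConsume)$"
# Hypothetical loosened variant for comparison: anchors dropped, dots unescaped.
LOOSE = r"https://sso.teamretro.com/[a-z0-9]{22}/saml/(samlLoginConsume|samlLogoutConsume)"

# Constructed placeholder; the real 22-character value is in your TeamRetro SP settings.
TENANT = "a1b2c3d4e5f6g7h8i9j0k1"
BASE = f"https://sso.teamretro.com/{TENANT}/saml/"

# Constructed candidate ACS URLs mapped to whether they should be accepted.
CASES = {
    BASE + "samlLoginConsume": True,
    BASE + "samlLogoutConsume": True,
    # Plain HTTP instead of HTTPS.
    BASE.replace("https:", "http:") + "samlLoginConsume": False,
    # Different host that only matches if "." is treated as a wildcard.
    BASE.replace("sso.teamretro.com", "ssoXteamretro.com") + "samlLoginConsume": False,
    # Valid URL embedded after another origin (caught by the ^ anchor).
    "https://idp.example/?next=" + BASE + "samlLoginConsume": False,
    # Extra path after the endpoint (caught by the $ anchor).
    BASE + "samlLoginConsume/extra": False,
    # ID with uppercase letters, outside [a-z0-9].
    BASE.replace(TENANT, TENANT.upper()) + "samlLoginConsume": False,
    # ID with 21 characters instead of 22.
    BASE.replace(TENANT, TENANT[:-1]) + "samlLoginConsume": False,
}

def accepted(pattern, url):
    """True if the pattern matches anywhere in url (assumed engine behaviour)."""
    return re.search(pattern, url) is not None

def mismatches(pattern):
    """URLs whose accept/reject result differs from the expectation in CASES."""
    return [u for u, want in CASES.items() if accepted(pattern, u) != want]

if __name__ == "__main__":
    for name, pat in (("strict", STRICT), ("loose", LOOSE)):
        bad = mismatches(pat)
        print(f"{name}: {len(CASES) - len(bad)}/{len(CASES)} as expected")
        for u in bad:
            print("  unexpected result:", u)
```

Paste the validator into OneLogin exactly as written in step 5; if it is retyped, rerun a check like this against the pasted value before saving.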

Configuring Single Sign On in TeamRetro

Back in TeamRetro, it's time to add your OneLogin Identity Provider (IdP) details.

  1. Under Identity provider settings (IdP), click UPLOAD METADATA.

  2. Find and open the "onelogin-metadata-*****.xml" file you downloaded from OneLogin a few minutes ago. If successful, the IDP ENTITY ID, LOGIN URL, and SIGNING CERTIFICATE fields should be automatically populated.
  3. Enter "OneLogin" into the FRIENDLY NAME field.

  4. Toggle the identity provider to ENABLED.

  5. Click SAVE CHANGES.
  6. Click TEST.


In a new window, you will be redirected to OneLogin to sign in. If you are redirected back to TeamRetro, your configuration has succeeded. If you encounter any errors or warnings, please contact info@teamretro.com and we'll help you out.
