Configuring SSO with OneLogin

Single sign on (SSO) with OneLogin will allow users in your organization to sign in to TeamRetro using their existing OneLogin account - no need to create a separate TeamRetro account.

Requirements

• You must be an admin in your TeamRetro organization
• You must be an admin in OneLogin

Setup Instructions

1. Open Single Sign on Settings in TeamRetro

• Open TeamRetro

• Browse to the ORGANIZATION -> SETTINGS page

  

• Select the SINGLE SIGN ON tab

• 

  
  

• Click ADD SAML IDENTITY PROVIDER

  

  
  

  You will be presented with your TeamRetro service provider (SP) settings

  

  • Leave this window open for the moment - we'll need this information to complete the configuration of the TeamRetro app in OneLogin.

    
    

Configure Application in OneLogin

• Open OneLogin dashboard in new tab or window

• In your OneLogin admin dashboard, select APPLICATIONS -> APPLICATIONS

  

• Search for "SAML Test" and select "SAML Custom Connector (Advanced)"

  

  
  

  On the Configuration screen

  • Enter DISPLAY NAME: TeamRetro
  • Enter DESCRIPTION: Online agile retrospective meetings for distributed teams

  • Upload the TeamRetro logos (you can download the ones below)

    
    

    

    

    

    
    

  • Click Save

    

• On the Configuration tab: 
  • Enter the following values:
    • Audience: [copy the SP Entity ID from the TeamRetro tab]
    • ACS (Consumer) URL Validator: ^https:\/\/sso\.teamretro\.com\/[a-z0-9]{22}\/saml\/(samlLoginConsume|samlLogoutConsume)$

    • ACS (Consumer) URL: [copy the Login ACS Url from the TeamRetro tab]

      

      
      

    • Click Save

      
      
• Switch to the PARAMETERS tab
• Add the following fields:
  • avatarUrl: Profile Picture
  • email: Email
  • firstName: First Name

  • lastName: LastName

    

    For a full list of supported SAML attributes please see TeamRetro Supported SAML Attributes

• Click SAVE

• 

• Switch to the SSO tab and download the IdP metadata file - MORE ACTIONS > SAML METADATA - you'll need this in a moment. 

  

3. Configuring Single Sign On in TeamRetro

Back in TeamRetro, it's time to add your OneLogin Identity Provider (IdP) details.

• Under Identity provider settings (IdP), click UPLOAD METADATA

  

• Find and open the "onelogin-metadata-*****.xml" file you downloaded from OneLogin a few minutes ago. If successful, the "IDP ENTITY ID", "LOGIN URL", and "SIGNING CERTIFICATE" fields should be automatically be populated.

• Enter "OneLogin" into the FRIENDLY NAME field.

  

• Toggle the identity provider to ENABLED

  

• Click SAVE CHANGES

• Click TEST

  
  

  

In a new window, you will be redirected to OneLogin to sign in. If you are redirected back to TeamRetro your configuration has succeeded. If you encounter any errors or warnings; please contact  info@teamretro.com and we'll help you out.