Configuring SSO with OneLogin

Single sign on (SSO) with OneLogin will allow users in your organization to sign in to TeamRetro using their existing OneLogin account - no need to create a separate TeamRetro account.


  • You must be an admin in your TeamRetro organization
  • You must be an admin in OneLogin

Setup Instructions

1. Open Single Sign on Settings in TeamRetro

  • Open TeamRetro
  • Browse to your ORGANIZATION page
  • Select the ADMIN tab
  • Select SINGLE SIGN ON from the admin menu
  • You will be presented with your TeamRetro service provider (SP) settings
  • Leave this window open for the moment - we'll need this information to complete the configuration of the TeamRetro app in OneLogin.

2. Configure Application in OneLogin

  • Open OneLogin dashboard in new tab or window
  • In your OneLogin admin dashboard, select APPS -> ADD APPS
  • Search for "SAML Test Connector (IdP w/attr)" and select "SAML Test Connector (IdP w/attr)"
  • On the Configuration screen
    • Enter DISPLAY NAME: TeamRetro
    • Enter DESCRIPTIONOnline agile retrospective meetings for distributed teams
    • Upload the TeamRetro logos (you can download the ones below)
  • On the App homepage, switch to the CONFIGURATION tab
    • Enter the following values:
      • Audience: [copy the SP Entity ID from the TeamRetro tab]
      • ACS (Consumer) URL Validator: ^https:\/\/sso\.teamretro\.com\/[a-z0-9]{22}\/saml\/(samlLoginConsume|samlLogoutConsume)$
      • ACS (Consumer) URL: [copy the Login ACS Url from the TeamRetro tab]
  • Switch to the PARAMETERS tab
  • Add the following attributes:
  • Click SAVE
  • Download the IdP metadata file - MORE ACTIONS > SAML METADATA - you'll need this in a moment. 

3. Configuring Single Sign On in TeamRetro

Back in TeamRetro, it's time to add your OneLogin Identity Provider (IdP) details.

  • Under Identity provider settings (IdP), click UPLOAD METADATA
  • Find and open the "onelogin-metadata-*****.xml" file you downloaded from OneLogin a few minutes ago. If successful, the "IDP ENTITY ID", "LOGIN URL", and "SIGNING CERTIFICATE" fields should be automatically be populated.
  • Enter "OneLogin" into the FRIENDLY NAME field.
  • Toggle the identity provider to ENABLED
  • Click TEST LOGIN
  • In a new window, you will be redirected to OneLogin to sign in. If you are redirected back to TeamRetro your configuration has succeeded. If you encounter any errors or warnings; please contact and we'll help you out.

Still need help? Contact Us Contact Us