Configuring SSO with OneLogin

Single sign on (SSO) with OneLogin will allow users in your organization to sign in to TeamRetro using their existing OneLogin account - no need to create a separate TeamRetro account.


  • You must be an admin in your TeamRetro organization
  • You must be an admin in OneLogin

Setup Instructions

  1. Open Single Sign on Settings in TeamRetro

    • Open TeamRetro

    • Browse to the ORGANIZATION -> SETTINGS page

    • Select the SINGLE SIGN ON tab


    • You will be presented with your TeamRetro service provider (SP) settings

      • Leave this window open for the moment - we'll need this information to complete the configuration of the TeamRetro app in OneLogin.

Configure Application in OneLogin

  • Open OneLogin dashboard in new tab or window
  • In your OneLogin admin dashboard, select APPLICATIONS -> APPLICATIONS

    Search for "SAML Test" and select "SAML Custom Connector (Advanced)"

  • On the Configuration screen

    • Enter DISPLAY NAME: TeamRetro
    • Enter DESCRIPTION: Online agile retrospective meetings for distributed teams
    • Upload the TeamRetro logos (you can download the ones below)

    • Click Save

  • On the Configuration tab: 
    • Enter the following values:
      • Audience: [copy the SP Entity ID from the TeamRetro tab]
      • ACS (Consumer) URL Validator: ^https:\/\/sso\.teamretro\.com\/[a-z0-9]{22}\/saml\/(samlLoginConsume|samlLogoutConsume)$
      • ACS (Consumer) URL: [copy the Login ACS Url from the TeamRetro tab]

      • Click Save

  • Switch to the PARAMETERS tab
  • Add the following fields:
  • Click SAVE
  • Switch to the SSO tab and download the IdP metadata file - MORE ACTIONS > SAML METADATA - you'll need this in a moment. 

3. Configuring Single Sign On in TeamRetro

Back in TeamRetro, it's time to add your OneLogin Identity Provider (IdP) details.

  • Under Identity provider settings (IdP), click UPLOAD METADATA

  • Find and open the "onelogin-metadata-*****.xml" file you downloaded from OneLogin a few minutes ago. If successful, the "IDP ENTITY ID", "LOGIN URL", and "SIGNING CERTIFICATE" fields should be automatically be populated.
  • Enter "OneLogin" into the FRIENDLY NAME field.

  • Toggle the identity provider to ENABLED

  • Click TEST

In a new window, you will be redirected to OneLogin to sign in. If you are redirected back to TeamRetro your configuration has succeeded. If you encounter any errors or warnings; please contact and we'll help you out.

Still need help? Contact Us Contact Us