Configuring SSO with OneLogin

Single sign on (SSO) with OneLogin will allow users in your organization to sign in to TeamRetro using their existing OneLogin account - no need to create a separate TeamRetro account.

Requirements

  • You must be an admin in your TeamRetro organization
  • You must be an admin in OneLogin

Setup Instructions

1. Open Single Sign on Settings in TeamRetro

  • Open TeamRetro
  • Browse to your Organization page
  • Select the Admin tab
  • Select Single Sign On from the admin menu
  • Select Add SAML Identity Provider
  • You will be presented with your TeamRetro service provider (SP) settings
  • Leave this window open for the moment - we'll need this information to complete configuration of the TeamRetro app in OneLogin.

2. Configure Application in OneLogin

  • Open the OneLogin dashboard in a new tab or window
  • In your OneLogin admin dashboard, select Apps -> "Add Apps"
  • Search for "SAML Test Connector (IdP w/attr)" and select "SAML Test Connector (IdP w/attr)"
  • On the Configuration screen
    • Enter Display name: TeamRetro
    • Enter Description: Online agile retrospective meetings for distributed teams
    • Upload the TeamRetro logos (you can download the ones below)
  • On the App homepage, switch to the Configuration tab
    • Enter the following values:
      • Audience: [copy the SP Entity ID from the TeamRetro tab]
      • ACS (Consumer) URL Validator: ^https:\/\/sso\.teamretro\.com\/[a-z0-9]{22}\/saml\/(samlLoginConsume|samlLogoutConsume)$
      • ACS (Consumer) URL: [copy the Login ACS Url from the TeamRetro tab]
  • Switch to the Parameters tab
  • Add the following attributes:
    • avatarUrl: Profile Picture
    • email: Email
    • firstName: First Name
    • lastName: Last Name
  • Click SAVE
  • Download the IdP metadata file (MORE ACTIONS > SAML Metadata) - you'll need this in a moment.

3. Configuring Single Sign On in TeamRetro

Back in TeamRetro, it's time to add your OneLogin Identity Provider (IdP) details.

  • Under Identity provider settings (IdP), click UPLOAD METADATA
  • Find and open the "onelogin-metadata-*****.xml" file you downloaded from OneLogin a few minutes ago. If successful, the "IDP ENTITY ID", "LOGIN URL", and "SIGNING CERTIFICATE" fields should be automatically populated.
  • Enter "OneLogin" into the Friendly Name field.
  • Toggle the identity provider to ENABLED
  • Click SAVE CHANGES
  • Click TEST LOGIN
  • You will be redirected to OneLogin in a new window to sign in. If you are redirected back to TeamRetro, your configuration has succeeded. If you encounter any errors or warnings, please contact info@teamretro.com and we'll help you out.
