Configuring SSO with OneLogin
Single sign on (SSO) with OneLogin will allow users in your organization to sign in to TeamRetro using their existing OneLogin account - no need to create a separate TeamRetro account.
Requirements
- You must be an admin in your TeamRetro organization
- You must be an admin in OneLogin
Setup Instructions
1. Open Single Sign on Settings in TeamRetro
- Open TeamRetro
- Browse to your ORGANIZATION page
- Select the ADMIN tab
- Select SINGLE SIGN ON from the admin menu
- Select ADD SAML IDENTITY PROVIDER
- You will be presented with your TeamRetro service provider (SP) settings
- Leave this window open for the moment - we'll need this information to complete the configuration of the TeamRetro app in OneLogin.
2. Configure Application in OneLogin
- Open OneLogin dashboard in new tab or window
- In your OneLogin admin dashboard, select APPS -> ADD APPS
- Search for "SAML Test Connector (IdP w/attr)" and select "SAML Test Connector (IdP w/attr)"
- On the Configuration screen
- Enter DISPLAY NAME: TeamRetro
- Enter DESCRIPTION: Online agile retrospective meetings for distributed teams
- Upload the TeamRetro logos (you can download the ones below)
- On the App homepage, switch to the CONFIGURATION tab
- Enter the following values:
- Audience: [copy the SP Entity ID from the TeamRetro tab]
- ACS (Consumer) URL Validator: ^https:\/\/sso\.teamretro\.com\/[a-z0-9]{22}\/saml\/(samlLoginConsume|samlLogoutConsume)$
- ACS (Consumer) URL: [copy the Login ACS Url from the TeamRetro tab]
- Enter the following values:
- Switch to the PARAMETERS tab
- Add the following attributes:
- avatarUrl: Profile Picture
- email: Email
- firstName: First Name
- lastName: LastName
For a full list of supported SAML attributes please see TeamRetro Supported SAML Attributes
- Click SAVE
- Download the IdP metadata file - MORE ACTIONS > SAML METADATA - you'll need this in a moment.
3. Configuring Single Sign On in TeamRetro
Back in TeamRetro, it's time to add your OneLogin Identity Provider (IdP) details.
- Under Identity provider settings (IdP), click UPLOAD METADATA
- Find and open the "onelogin-metadata-*****.xml" file you downloaded from OneLogin a few minutes ago. If successful, the "IDP ENTITY ID", "LOGIN URL", and "SIGNING CERTIFICATE" fields should be automatically be populated.
- Enter "OneLogin" into the FRIENDLY NAME field.
- Toggle the identity provider to ENABLED
- Click SAVE CHANGES
- Click TEST LOGIN
- In a new window, you will be redirected to OneLogin to sign in. If you are redirected back to TeamRetro your configuration has succeeded. If you encounter any errors or warnings; please contact info@teamretro.com and we'll help you out.