Configuring SSO with Google Workspace
Single sign on (SSO) with Google Workspace will allow users in your organization to sign in to TeamRetro using their existing Workspace account - no need to create a separate TeamRetro account.
- You must be an admin in your TeamRetro organization
- You must be an admin in your Google Workspace organization
1. Open Single Sign on Settings in TeamRetro
- Open TeamRetro
- Browse to your ORGANIZATION page
- Select the SETTINGS tab
- Select SINGLE SIGN ON from the admin menu
- Select ADD SAML IDENTITY PROVIDER
- You will be presented with your TeamRetro service provider (SP) settings
- Leave this window open for the moment - we'll need this information to complete the configuration of the TeamRetro app in Google Workspace.
2. Configure Single Sign On in Google Workspace
- Open Google Workspace admin console in a new tab or window (make sure you leave the TeamRetro SSO page open)
- In your Google Workspace dashboard, click Apps -> Web and mobile apps
- Click the Add app button and then Add custom SAML app
- Enter the following information on the App details page:
  - App Name: TeamRetro
  - Description: Online agile retrospective meetings for distributed teams
- Right-click on the logo above and select SAVE IMAGE AS... to download it to your computer. You can then click CHOOSE FILE in the Google Workspace setup window to upload it.
- Under Option 1, click on DOWNLOAD METADATA
- Complete the Google Workspace "Service Provider Details" form:
  - ACS URL: [copy the LOGIN ACS URL from TeamRetro]
  - Entity ID: [copy the SP ENTITY ID from TeamRetro]
  - Start URL: leave blank
  - Signed Response: Checked
  - Name ID: Basic Information, Primary Email
  - Name ID Format: EMAIL
- Use the ADD MAPPING button to create the following three entries:
  - [Basic Information], Primary email, email
  - [Basic Information], First name, firstName
  - [Basic Information], Last name, lastName
- For a full list of supported SAML attributes please see TeamRetro Supported SAML Attributes
- Click on User access and enable the application for your users
- Click on Save
Once Google Workspace has saved your new SAML application configuration, you should be directed to the Google Workspace TeamRetro application page. By default, the application is not available for your Workspace users.
3. Configuring Single Sign On in TeamRetro
Back in TeamRetro, it's time to add your Google Workspace Identity Provider (IdP) details.
- Under "Identity provider settings (IdP)", click UPLOAD METADATA
- Find and open the metadata XML file you downloaded from Google Workspace a few minutes ago. If successful, the "IDP ENTITY ID", "LOGIN URL", and "SIGNING CERTIFICATE" fields should be automatically populated
- Toggle the identity provider to ENABLED
- Click SAVE CHANGES
- Click TEST
- You will be redirected to your identity provider to sign in. If you are redirected back to TeamRetro, your configuration has succeeded. If you encounter any errors or warnings, please contact email@example.com and we'll help you out.
You will now be able to access TeamRetro along with your other Workspace Applications... no sign in required!
- When you invite your team to join you in TeamRetro, they will be presented with the option of signing in with your organization's SSO.