Configuring SSO with Google workspace

Single sign on (SSO) with Google Workspace will allow users in your organization to sign in to TeamRetro using their existing Workspace account - no need to create a separate TeamRetro account.

Requirements

  • You must be an admin in your TeamRetro organization
  • You must be an admin in your Google Workspace organization

Setup Instructions

1. Open Single Sign on Settings in TeamRetro

  • Open TeamRetro
  • Browse to your ORGANIZATION page

  • Select the SETTINGS tab

  • Select SSO from the admin menu


  • Select ADD SAML IDENTITY PROVIDER

  • You will be presented with your TeamRetro service provider (SP) settings

  • Leave this window open for the moment - we'll need this information to complete the configuration of the TeamRetro app in Google Workspace.

2. Configure Single Sign On in Google Workspace

  • Open Google Workspace admin console in a new tab or window (make sure you leave the TeamRetro SSO page open)

  • In your Google Workspace dashboard, click Apps -> Web and mobile apps


  • Click the Add app button and then Add custom SAML app


  • Enter the following information on the App details page:
    • App Name: TeamRetro
    • Description: Online agile retrospective meetings for distributed teams

    • App icon:

      Right-click on the logo above and select SAVE IMAGE AS.. to download to your computer. You can then click CHOOSE FILE in the Google Workspace setup window to upload. 


    • Click CONTINUE


  • Under Option 1, click on DOWNLOAD METADATA


  • Click CONTINUE


  • Complete the Google Workspace "Service Provider Details" form:
    • ACS URL: [copy the LOGIN ACS URL from TeamRetro]
    • Entity ID: [copy the SP ENTITY ID from TeamRetro]
    • Start URL: leave blank
    • Signed Response: Checked
    • Name ID: Basic Information, Primary Email

    • Name ID Format: EMAIL

  • Click CONTINUE


  • Use the ADD MAPPING button to create the following three entries:
    • [Basic Information], Primary email, email
    • [Basic Information], First name, firstName
    • [Basic Information], Last name, lastName
    • For a full list of supported SAML attributes please see TeamRetro Supported SAML Attributes

  • Click  FINISH


  • Click on User access and enable the application for your users


  • Click on Save

    Once Google Workspace has saved your new SAML application configuration, you should be directed to the Google Workspace TeamRetro application page. By default, the application is not available for your Workspace users. 


3. Configuring Single Sign On in TeamRetro

Back in TeamRetro, it's time to add your Google Workspace Identity Provider (IdP) details.

  • Under "Identity provider settings (IdP)", click UPLOAD METADATA

  • Find and open the metadata XML file you downloaded from Google Workspace a few minutes ago. If successful, the "IDP ENTITY ID", "LOGIN URL", and "SIGNING CERTIFICATE" fields should be automatically be populated

  • Toggle the identity provider to ENABLED
  • Click SAVE CHANGES
  • Click TEST
  • You will be redirected to your identity provider to sign in. If you are redirected back to TeamRetro your configuration has succeeded. If you encounter any errors or warnings; please contact  info@teamretro.com and we'll help you out.

What's Next

  • You will now be able to access TeamRetro along with your other Workspace Applications... no sign in required!

  • When you invite your team to join you in TeamRetro, they will be presented the option of signing in with your organization's SSO

Still need help? Contact Us Contact Us