Configuring SSO with Google GSuite

Single sign on (SSO) with Google GSuite will allow users in your organization to sign in to TeamRetro using their existing GSuite account - no need to create a separate TeamRetro account.


  • You must be an admin in your TeamRetro organization
  • You must be an admin in your Google GSuite organization

Setup Instructions

1. Open Single Sign on Settings in TeamRetro

  • Open TeamRetro
  • Browse to your ORGANIZATION page
  • Select the SETTINGS tab
  • Select SINGLE SIGN ON from the admin menu
  • You will be presented with your TeamRetro service provider (SP) settings
  • Leave this window open for the moment - we'll need this information to complete the configuration of the TeamRetro app in Google GSuite.

2. Configure Single Sign On in GSuite

  • Open GSuite admin console in a new tab or window (make sure you leave the TeamRetro SSO page open)
  • In your Google GSuite dashboard, click APPS - MANAGE APPS AND THEIR SETTINGS
  • On the SAML Apps page, click the "+" button in the lower right of the screen
  • Step 1 of 5 - Enable SSO for SAML Application
  • Step 2 of 5 - Google IdP Information
    • Under Option 2, click the DOWNLOAD button (IDP metadata) and save the .XML file to your computer - you'll need this in a moment.
    • Click NEXT
  • Step 3 of 5 - Basic information for your Custom App
    • Complete the form:
      • Application Name: TeamRetro
      • Description: Online agile retrospective meetings for distributed teams
      • Upload logo:
        Right-click on the logo above and select SAVE IMAGE AS.. to download to your computer. You can then click CHOOSE FILE in the GSuite setup window to upload to GSuite. 
    • Click NEXT 
  • Step 4 of 5 - Service Provider Details
    • Complete the GSuite "Service Provider Details" form:
      • ACS URL: [copy the LOGIN ACS URL from TeamRetro]
      • Entity ID: [copy the SP ENTITY ID from TeamRetro]
      • Start URL: leave blank
      • Signed Response: Checked
      • Name ID: Basic Information, Primary Email
      • Name ID Format: EMAIL
    • Click NEXT
  • Step 5 of 5 - Attribute Mapping
    • Use the ADD NEW MAPPING button to create the following three entries:
      • email, [Basic Information], [Primary Email]
      • firstName, [Basic Information], [First Name]
      • lastName, [Basic Information], [Last Name]

      For a full list of supported SAML attributes please see TeamRetro Supported SAML Attributes

    • Click  FINISH
  • Enable the application for your users
    Once GSuite has saved your new SAML application configuration, you should be directed to the GSuite TeamRetro application page. By default, the application is not available for your GSuite users. 
  • Click the DROPDOWN MENU in the top right, and select ON FOR EVERYONE

3. Configuring Single Sign On in TeamRetro

Back in TeamRetro, it's time to add your Google GSuite Identity Provider (IdP) details.

  • Under "Identity provider settings (IdP)", click UPLOAD METADATA
  • Find and open the metadata XML file you downloaded from GSuite a few minutes ago.
    If successful, the "IDP ENTITY ID", "LOGIN URL", and "SIGNING CERTIFICATE" fields should be automatically be populated
  • Toggle the identity provider to ENABLED
  • Click TEST LOGIN
  • You will be redirected to your identity provider to sign in. If you are redirected back to TeamRetro your configuration has succeeded. If you encounter any errors or warnings; please contact and we'll help you out.

What's Next

  • You will now be able to access TeamRetro along with your other GSuite Applications... no sign in required!
  • When you invite your team to join you in TeamRetro, they will be presented the option of signing in with your organization's SSO

Still need help? Contact Us Contact Us