Getting Started with Single Sign-On
All TeamRetro plans include support for SAML Single Sign On.
If your organization uses an identity provider with SAML support such as Google Workspace, Microsoft Azure AD, OneLogin, OKTA etc... you can configure TeamRetro to allow your organization members to sign in using their corporate credentials.
This provides an additional level of security and convenience.
Key SSO URLs
When you configure an identity provider in TeamRetro (under Settings → SSO → Add Identity Provider), you'll see three important URLs in the Service Provider (SP) settings section:
| URL | Label in TeamRetro | Purpose |
|---|---|---|
https://sso.teamretro.com/{slug}/saml/loginConsume |
Assertion Consumer Service URL (ACS) | Only for IdP configuration. Enter this in your identity provider's ACS / Reply URL / Single sign-on URL field. Do not use this as a direct link — it only accepts responses from your IdP and will show "Page Not Found" if opened in a browser. |
https://sso.teamretro.com/{slug}/saml/login |
SSO Login URL | Use this for app tiles, bookmarks, and user-facing links. When users visit this URL, TeamRetro redirects them to your IdP to sign in, then brings them back automatically. |
https://sso.teamretro.com/{slug}/saml/logoutConsume |
Single Logout URL (SLO) | For IdP configuration only. Enter this in your IdP's SLO / Single Logout URL field (optional). |
Tip:
If your identity provider has an app tile, launcher, or bookmark feature (like Okta's app tile, Entra ID's My Apps, or a custom portal), set it to the SSO Login URL — not the Assertion Consumer Service URL (ACS).
IdP Setup Guides
For details on how to set up Single Sign On, please select your identity provider below.
- AuthO
- Google Workspace (aka Google GSuite, Google Apps)
- OKTA
- OneLogin
- Microsoft Entra ID (formerly Azure AD)
Don't see your identity provider listed? Let us know!
For a full list of supported SAML attributes please see TeamRetro Supported SAML Attributes