We do support SSO integration, more specifically SAML 2.0 SSO.

For now, you can only make SSO Integration if you have Enterprise 10, Enterprise 15, Enterprise 20, and Enterprise Ultd Plan.

Our SSO integration works as an IDP-initiated sign-on, which means we'll provide a URL that your organization will use to login to EasyRetro. We do support just-in-time provisioning, so that means an account will be created on EasyRetro after the user logins using the SSO URL.

The SSO configuration is done after the main account subscribes to any of our plans that support SSO. We'll send the callback SSO URL and the provider id and you'll send us the entity id, SSO Url, and certificate.

How does the SSO work in EasyRetro?

Our SSO is IDP-initiated sign-on, which means we'll provide you a login URL so you can use it to login and to create a bookmark app into Okta or a similar service. Once you log in with SSO the first time, your account will be transformed into SSO, and all data will keep the same. Now every time you invite a team member to join the team, they'll be forced to join as SSO users. Existing members on teams you already have will not be forced to login with SSO, so we recommend you send the login link so they can change their accounts to SSO as well.

Note: Once an account is transformed into SSO, the account cannot be reverted to a normal login.

If you're using OKTA here is the integration steps:

First, you'll need to create a SAML app on Okta using:

Single Sign-On URL: https://funretro-pro.firebaseapp.com/__/auth/handler

EntityId: We'll provide it to you after the subscription.

After this procedure you'll need to send us your SAML setup information that you can find here:

After we configure the SAML on our side, we'll send you the login URL that you can use to create a bookmark app on Okta, you'll need to create this because we use IDP initiated authentication.

Here's an article that shows you how to create a bookmark app:


Did this answer your question?