We do support SSO integration, more specifically SAML 2.0 SSO.
For now, SSO integration is available only on the Enterprise 10, Enterprise 15, Enterprise 20, or Enterprise Ultd plans.
Our SSO integration works as an IDP-initiated sign-on, which means we'll provide a URL that your organization will use to log in to EasyRetro. We support just-in-time provisioning, which means an account is created on EasyRetro the first time a user logs in through the SSO URL.
The SSO configuration is done after the main account subscribes to any of our plans that support SSO. We'll send you the callback SSO URL and the provider ID. After that, you'll have to send us the entity ID, SSO URL, and certificate.
How does the SSO work in EasyRetro?
Our SSO is IDP-initiated sign-on, which means we'll provide you with a login URL that you can use to log in and to create a bookmark app in Okta or a similar service. Once you log in with SSO for the first time, your account will be transformed into an SSO account, and all your data will stay the same. From then on, every time you invite a team member to join the team, they'll be forced to join as an SSO user. Existing members of teams you already have won't be forced to log in with SSO. We recommend sending them the login link so they can change their accounts to SSO as well.
Note: Once an account is transformed into SSO, the account cannot be reverted to a normal login.
If you're using Okta, here are the integration steps:
Step 1. You'll need to create a SAML app on Okta using:
- Single Sign-On URL: https://funretro-pro.firebaseapp.com/__/auth/handler
- EntityId: We'll provide it to you after the subscription
Step 2. On Okta click on the "Create New App" button to add a new SAML application
Step 3. Select "SAML 2.0"
Step 4. Add an App name. You can give your application the name "EasyRetro"
Step 5. Now enter the "Single sign on URL" as https://funretro-pro.firebaseapp.com/__/auth/handler, and also enter the "SP Entity ID" that we provided you
Step 6. Click on the "Next" button
Step 7. Now click on the "Finish" button
Step 8. After you click the "Finish" button, your app is created, and you'll need to send us your SAML setup information, which you can find here ⬇️
Step 9. Your final configuration on the "General" tab should look like this ⬇️
Step 10. Now you need to assign your users on the "Assignments" tab
Final Step. After we configure SAML on our side, we'll send you the login URL that you can use to create a bookmark app on Okta. You have to create this app because we use IDP-initiated authentication.
In case you don't know how to create a bookmark app on Okta, click here to check out this step-by-step guide.