We support SSO integration, specifically SAML 2.0 SSO. Our SSO integration works as an IDP-initiated sign-on, which means we will provide a URL that your organization will use to log in to FunRetro. We also support just-in-time provisioning, which means an account is created on EasyRetro after the user logs in using the SSO URL.
The SSO configuration is done after the main account subscribes to any plan that supports SSO. We will send you the callback SSO URL and the provider ID, and you will send us the entity ID, SSO URL, and certificate.
How does the SSO work in EasyRetro?
Our SSO is an IDP-initiated sign-on, which means we will provide you with a login URL that you can use to log in and to create a bookmark app in Okta or a similar service. Once you log in with SSO for the first time, your account will be converted to an SSO account, and all your data will stay the same. From then on, every time you invite a team member to join the team, they will be forced to join as an SSO user. Existing members of teams you already have will not be forced to log in with SSO, so we recommend that you send them the login link so they can convert their accounts to SSO as well. Once an account has been converted to SSO, it cannot be reverted to a normal login.
If you are using Okta, here are the integration steps:
You will need to create a SAML app on Okta using:
Single Sign On URL: https://funretro-pro.firebaseapp.com/__/auth/handler
EntityId: We will provide it to you after the subscription.
After this step you will need to send us your SAML setup information that you can find here:
After we configure SAML on our side, we will send you the login URL that you can use to create a bookmark app on Okta. You need to create this app because we use IDP-initiated authentication.
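One way to pull the three values you send us (entity ID, SSO URL, certificate) out of an identity provider's SAML metadata XML, with a SHA-256 fingerprint of the certificate that both sides can compare over a separate channel. This is an added example, not EasyRetro's or Okta's code; the metadata, the `idp.example.com` URLs and the placeholder certificate bytes are constructed, and preferring the HTTP-POST endpoint is an assumption.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: placeholder bytes stand in for a real DER certificate.
PLACEHOLDER_DER = b"constructed placeholder, not a real certificate"
SAMPLE_METADATA = f"""
<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="http://idp.example.com/constructed-entity">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        {base64.b64encode(PLACEHOLDER_DER).decode()}
      </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example.com/sso/redirect"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <md:SingleSignOnService Location="https://idp.example.com/sso/post"
        Binding="{POST}"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def extract_idp_settings(metadata_xml):
    """Return the entity ID, SSO URL and signing certificate from IdP metadata."""
    root = ET.fromstring(metadata_xml.strip())
    idp = root.find("md:IDPSSODescriptor", NS)
    services = [] if idp is None else idp.findall("md:SingleSignOnService", NS)
    if not services:
        raise ValueError("metadata has no IdP SingleSignOnService")
    # Assumption: prefer the HTTP-POST endpoint, else the first one listed.
    sso = next((s for s in services if s.get("Binding") == POST), services[0])
    url = sso.get("Location", "")
    if not url.startswith("https://"):
        raise ValueError(f"SSO URL is not HTTPS: {url!r}")
    # A KeyDescriptor without "use" serves both signing and encryption.
    certs = [kd.find(".//ds:X509Certificate", NS)
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") != "encryption"]
    if not certs or certs[0] is None:
        raise ValueError("metadata has no signing certificate")
    cert_b64 = "".join(certs[0].text.split())  # drop line breaks and indentation
    der = base64.b64decode(cert_b64, validate=True)
    return {"entity_id": root.get("entityID"), "sso_url": url,
            "cert_b64": cert_b64, "cert_sha256": hashlib.sha256(der).hexdigest()}
```

Run it on the metadata file exported from your identity provider and compare `cert_sha256` with the fingerprint shown in the provider's admin console before sending the values.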