In order to configure Okta integration with Metro Retro you will need:
Admin access to your Metro Retro account.
Admin access to your Okta account.
One or more authorized domains adding to your Metro Retro account (see end of article).
A note of your organizations Metro Retro Account ID.
How to find your Metro Retro Account ID
Before you begin, you will need your organization's 12 character Metro Retro Account ID. You can find this in the under the management menu within Metro Retro: https://metroretro.io/manage
Metro Retro Account ID
From within the Okta dashboard, choose Applications and Create App Integration. Select SAML 2.0 and press Next.
Set the name as Metro Retro and optionally add an icon. We have prepared an Okta compatible logo image here: https://s.metroretro.io/site/logo/okta.png
Under SAML Settings, set the Single Sign-On URL to https://metroretro.io/login/saml and set Audience URI (SP Entity ID) to Your Account ID (see start of document).
Under Attribute Statements, add the following mappings:
firstName (basic) -> user.firstName
lastName (basic) -> user.lastName
email (basic) -> user.email
Choose "I'm an Okta customer adding an internal app". You may optionally fill in any other fields on this form that are appropriate for your organization, they are not required for the integration to work.
You should see the screen below, if not, click View Setup Instructions. The three values on the setup screen need to be added to Metro Retro under Management / Single Sign-On.
Data for Metro Retro from Okta
Data added to Metro Retro
Once added, click Save Configuration. We recommend leaving the "Restrict login" setting off until you are sure all your team members are able to login via SSO otherwise it may block their access.
If you have not already had your authorized domains configured by a Metro Retro team member, please contact us on Intercom or at [email protected] to set these up. The domains must include all domains that your team will login from.