๐Google Integration
Last updated
Last updated
In order to configure Google SSO integration with Metro Retro you will need:
Admin access to your Metro Retro account.
Admin access to your organization's Google account.
One or more authorized domains adding to your Metro Retro account (see end of article).
A note of your organizations Metro Retro Account ID.
Before you begin, you will need your organization's 12 character Metro Retro Account ID. You can find this in the under the management menu within Metro Retro: https://metroretro.io/manage
From within the Google dashboard, choose Apps > Web and Mobile Apps from the left hand navigation. Then, click Add App and choose Custom SAML App.
Set the name as Metro Retro and optionally add an icon. We recommend using this image as the icon: https://s.metroretro.io/site/logo/logo-padded.png
Click Continue.
Here we will configure Metro Retro with the settings it needs to communicate with the Google IDP service. To do this, open a new tab/window in your browser and go to https://metroretro.io/manage/security/sso.
Copy the settings from the Google screen into Metro Retro as follows:
For "Entry Point" use the "SSO URL" value
For "Issuer" use the "Entity ID" value
For "Certificate" use the "Certificate" value (note will be quite large).
Once copied, click Save.
Back on the Google page, click Continue.
On this screen we configure the Google side with the configuration it needs to communicate with Metro Retro.
Input the following settings:
For "ACS URL" use https://metroretro.io/login/saml
For "Entity ID" use your Metro Retro Account ID (see above on where to find this).
Leave all other settings as their defaults.
Click Continue.
The final step is to configure which profile values Google will send to Metro Retro. We need to map three of these:
"First name" should be mapped to firstName
"Last name" should be mapped to lastName
"Email name" should be mapped to email
Click Continue to complete the setup wizard.
Depending on how your organization is configured, it's likely that Metro Retro will be OFF for all users by default. You can control which users have access to the app via the User Access screen available from inside the App information panel. The easiest way to configure this is to set the app ON for everyone.
If you have not already had your authorized domains configured by a Metro Retro team member, please contact us on Intercom or at contact@metroretro.io to set these up. The domains must include all domains that your team will login from.
