To ensure that your users can access Miro securely, configure Single sign-on (SSO).
When a user submits their credentials to sign into Miro, Miro sends a request to your identity provider (IdP) to validate their credentials. If your IdP confirms their identity, then the user can access Miro.
Your Enterprise subscription can leverage any identity provider, like Entra ID, Google SSO, and Okta.
How to configure Single sign-on
The following procedure explains how to configure SSO in Miro.
Prerequisites
Ensure that you complete the following prerequisites:
- Configure your identity provider (IdP) for Miro.
The following list provides setup instructions for supported identity providers: - (Optional) Create a break glass user.
A break glass user is an account outside the SSO domain, like break.glass@gmail.com, with high privileges. In an emergency, like a service outage or cyber attack, your break glass user supports recovery. To learn more about privileged break glass users, see Break glass privileged accounts for disaster recovery.
Procedure
Follow these steps:
- Go to Admin console.
- Select Authentication.
- Select + Add identity provider.
The Add identity provider menu opens. - Follow the on-screen instructions.
✏️ Your IdP issues your public Key x.509 Certificate.
- (Optional) To select a default team for new users to join when they register, known as Just-in-time provisioning, tick Automatically add all newly registered users from the listed domains to your Enterprise account.
- (Optional) To sync user profile photos from your IdP, tick Sync user profile photos from IDP.
- (Optional) To always require authentication, tick Always require authentication.
You have successfully configured SSO in Miro.
More information:
-
Single sign-on (SSO)
Learn more about testing, renewing, and optional settings for SSO.
Next: 3.2 Setting up SCIM
To continue your Miro Enterprise configuration, set up SCIM.