Set up by: Company-level admin
It is strongly recommended to configure the feature in a separate incognito mode window of your browser. This way you keep the session in the standard window, allowing you to switch off the SSO authorization in case something is configured incorrectly.
If you wish to set up a test account before enabling SSO on production, please request it with your Account Executive or Sales representative. Only those who configure SSO will be added to this test account
Adding and configuring the app
1. Find the Miro pre-configured application in Azure AD Enterprise Application Gallery (Enterprise Applications > +New Application)
2. Create the application and click 2. Set up single sign on (or select Single sign-on from the left side and select the SAML sign-on method.
3. You will see that the Basic SAML Configuration is already in place:
⚠️ if after everything is set up the SSO login fails, try changing the Entity ID from https://miro.com to https://miro.com/
⚠️ Sign-on URL and other fields are optional. Please note that Miro does not support Single Sign-Out.
The Attributes & Claims are also already in place:
⚠️ Note that:
a) the UPN will become the main parameter by which a user in Miro will be recognized and this parameter will not be updateable from the Azure side. When you need to update user emails in Miro without using SCIM, please reach out to our support team.
b) Miro will accept GivenName, Surname, DisplayName and ProfilePicture. Other attributes are not supported via SSO but can be transferred via SCIM.
Creating the Certificate
1. Scroll down to SAML Signing Certificate section and click to Add a certificate:
2. Click +New Certificate and choose the Signing Option = Signed SAML Assertion or Signed SAML response and assertion. Assertion must be signed.
3. Click Save.
4. Click More options for the certificate and first make the certificate active and then download the Base64 file.
Configuring SSO in your Miro account
1. Open the downloaded file in a text editor and copy-paste the x509 certificate from the file to the Miro respective Miro field in the SSO settings.
2. Scroll a bit lower in the Azure settings and find Login URL and paste it to SAML Sign-in URL in Miro.
3. Make sure that you have added at least one Company Domain before hitting Save button.
And that's all! Your SSO configuration is now complete.
If you'd like to also enable auto-provisioning for Miro, check out this article.
If you encountered any issues during configuration, please check out this article.