Set up by: Company-level admin
It is strongly recommended to configure the feature in a separate incognito mode window of your browser. This way you keep the session in the standard window, allowing you to switch off the SSO authorization in case something is configured incorrectly.
If you wish to set up a test account before enabling SSO on production, please request it with your Account Executive or Miro Sales representative. Only those who configure SSO will be added to this test account.
We recommend to enable Classic UI in Okta before setting up the application.
Click Add Application from the Application list:
Applications section in Okta
Find Miro on the list of pre-configured apps and click Add:
Okta applications catalogue
You will be redirected to Sign-On Options of the Miro application. Make sure that the Default Relay State is set to https://miro.com/sso/saml
Scroll down below and make sure that Application username format is set to Email and click Done.
Claim Types section in Okta
⚠️ Email is the primary ID by which the user is recognized in Miro and should not be updated on the Okta's end unless you have SCIM enabled. If you don't use SCIM bu need to update your end user's addresses, please reach out to our Support team.
Note that User name attributes are comprised as follows: Miro will show DisplayName attribute if it's available and if it's not - FirstName + LastName.
Open the created application and again select Sign-On tab.
Click the Identity Provider metadata to be directed to a separate tab that contains x509 certificate. Copy the certificate and paste it to Miro SSO Settings in Key x509 Certificate field.
Go back to XML metadata file and copy the URL from SingleSignOnService line after Location= and paste it to SAML Sign-in URL.
You are all set!
Make sure that you have added at least one domain before clicking Save in Miro.