Set up by: Company Admins
💡 It is strongly recommended to configure SSO in a separate incognito mode window of your browser. This way, you keep the session in the standard window, allowing you to switch off the SSO authorization in case something is misconfigured.
If you wish to set up a test instance before enabling SSO on production, please request it with your Account Executive or Sales representative. Only those who configure SSO will be added to this test instance.
⚠️ See our main SSO article here for rules, supported features and optional configuration on the Miro end.
The instruction by Google can be found here.
Setting up Google
Adding and configuring the app
From the Admin console Home page, go to Apps > Web and mobile apps.
- Click Add App > Add custom SAML app.
- On the App Details page enter the name of the app, for example simply Miro. You may also upload an app icon (optional).
In the Service Provider Details section, fill out the fields:
ACS URL - https://miro.com/sso/saml
Entity ID - https://miro.com/
Start URL - must be left empty
Signed response - must be left unsigned
Name ID format - set as EMAIL.
Required app configuration
Optionally you can also add a custom ProfilePicture attribute setting the format to TEXT and providing a publicly accessible URL to the image as the value.
User Credentials (Claim Types)
In the SAML attribute mapping section set the attributes that will define your end-user's Username in Miro. Miro will accept the FirstName and LastName pair (or the DisplayName instead - for that see Optional settings).
As a final step switch the app ON for some or all your users:
Enabling the app for the users
As a result your configuration should look something like this:
Setting up Miro
On the Google Identity Provider details page, get the SSO URL link in the Download Metadata section. Open your Miro Company settings > Enterprise Integrations > SSO and fill out the parameters like so:
- Copy the SSO URL and add it to the Miro's SAML Sign-in URL field
- Download the Certificate, open the file in a text editor and copy and paste the value in the Key x509 Certificate field
As a final step of the Miro settings add your domains and verify them. You may also configure the optional settings. After enabling Google SSO, end-users need to log out of their Google account and log back in to be able to sign in to Miro.
At the moment, this identity provider does not support SCIM due to restrictions to our preconfigured app in the Google catalogue. We requested the necessary update with Google, but so far, the provisioning feature has not been added.