Available for: Business Plan, Enterprise Plan
Set up by: Company Admins
đĄ It is strongly recommended to configure SSO in a separate incognito mode window of your browser. This way, you keep the session in the standard window, allowing you to switch off the SSO authorization in case something is misconfigured.
Configuring Miro within your organization is easier than ever with the integration app Google has created inside the Google Workspace Admin Console. This app allows you to configure Google SSO for use with Miro, as well as SCIM user provisioning.
This article focuses on configuring Google SSO for use with Miro.
If you wish to set up a test instance before enabling SSO on production, please request it with your Account Executive or Sales representative. Only those who configure SSO will be added to this test instance.
đĄ See the Miro SSO article for rules, supported features and optional configuration settings.
Read more on setting up Google SSO with Miro on Google's Help Center.
Setting up Google SSO for Miro using SAML
Setting up Google SSO to authenticate to Miro can be completed in four steps:
- Setting up Google as SAML identity provider
- Setting up Miro as SAML service provider
- Turning on Miro for users
- Testing authentication
- From your Google Workspace Admin Console, click Apps > Web and mobile apps
- In the Apps panel click the Add app drop-down, choose âSearch for appsâ and type âMiroâ
- Choose âMiro Web (SAML)â and click Select
- In the âGoogle Identity Provider detailsâ, under Option 2 verify that âSSO URLâ, âEntity IDâ, and âCertificateâ are all filled in, then click Continue. You will copy these values later when you configure Miro
- In the âService provider detailsâ, add the following values:
ACS URL: https://miro.com/sso/saml
Entity ID: https://miro.com/
Start URL: blank
Signed response: leave unchecked
Name ID: EMAIL - Click Continue
- In âAttribute mappingâ under âGoogle Directory attributesâ choose First Name, then choose Last Name, making sure they map to the App attributes
- Click Finish. You will now see your Miro app added to Google Workspace
Setting up Google SAML identity provider
- Open an Incognito tab in your browser and log into the Miro dashboard (miro.com/app/dashboard)Â
- Click your avatar in the top-right corner and click Settings
- From your Company settings, click Authentication. If you are a Business plan customer, this setting is in Security.Â
- Click the toggle to âTurn on SSO to set up SCIM provisioningâ
- You will be taken to the Authentication section of Company settings. Click the SSO/SAML toggle. You will be prompted to click Turn on to enable SSO for your organization
- For the SAML Sign-in URL, return to your Google Workspace Admin Console and within the Miro app, click DOWNLOAD METADATA. This panel gives you the option to copy the values needed
- Under SSO URL, click the Copy button. Go back to Miro and paste the value in SAML Sign-in URL
- Repeat this process for Key x.509 Certificate using the Certificate in Google
- Add your Domain information. Ensure youâve already set up and verified your domain
- Click Save
Configuring SSO authentication settings in Miro
- Return to the Google Workspace Admin Console
- If needed, click Web and mobile apps from the Apps menu and select Miro
- Click User access
- Click ON for everyone and click Save
Turning on the Miro app for all users
If youâd like to turn on Miro for specific organizational units, click the group in the Organizational Units first, then click ON. You may need to click OVERRIDE or INHERIT additionally.
- In the Google Workspace Admin Console, launch the Miro app if needed
- In the Miro section, click TEST SAML LOGIN
- A new tab should appear with Google SSO sign-in options
[GIF] - To test authentication in Miro, open a new Incognito tab and launch the Miro dashboard (miro.com/app/dashboard)Â
- You should see a sign-in page. Click Sign in with Single Sign On and login with your account credentials.
Testing Google SSO authentication with Miro
Alternatively, you can test in Miro:
- Complete the steps above to configure your SSO settings.
- Click the Test SSO configuration button.
- Review the results:
- If no issues are found, a confirmation message SSO configuration test was successful will be displayed.
- If issues are found, a confirmation message SSO configuration test failed will be displayed, followed by detailed error messages to guide you on what needs to be fixed.
â ïž If youâve previously configured SSO for your org and need to re-configure it, it's strongly recommended to turn off SSO in Miro before continuing in Google Admin Console; otherwise, you could lock yourself out of Miro. To prevent a lockout, create a 'break the glass' user with an email with a domain outside the domain listed in the SSO settings, like acmebreaktheglass@gmail.com. Otherwise, you can contact support, and they can disable SSO for the whole organization.
If you would like to configure user provisioning with Google, instructions can be found in the article âSetting up automated provisioning with Googleâ.Â