Miro - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Miro using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
To set up Multi-Pass with Miro, ensure you meet the following requirements:
Miro admin rights (Business/Enterprise plan)
MPAS Admin rights
Make sure that all users intended to use SSO in Miro are registered in your IdP and have the necessary permissions to access Miro.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
Miro - SSO configuration
Step 1 - Configure in Miro (Service Provider)
- Sign in to the Miro Admin Console (Enterprise/Business).
- Go to your company settings
- Go to Security, SSO/SAML (or Security → Authentication).
- Turn on SSO/SAML, then choose Add configuration.
SP Values (provided by Miro)
| Field | Value |
| Service Provider Entity ID | https://miro.com/ or https://workspace-domain.miro.com/ORGANIZATION_ID |
| Assertion Consumer Service (ACS) URL | https://miro.com/sso/saml or https://workspace-domain.miro.com/sso/saml/ORGANIZATION_ID |
IdP values to enter in Miro
| Field | Value |
| Identity Provider Single Sign-On URL (SAML Sign-in URL) | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml |
| X.509 Certificate | MPAS Certificate (See how to get it in Step 2) |
- make sure you have added the domain
- enable Just-in-time provisioning (JIT) and Sync user profile photos from identity provider
- Click on Save
Step 2 - Configure in Multi-Pass (Identity Provider)
- Select your tenant.
- Go to Integrations
- Click on Applications.
- Scroll down or use the search bar and click on the box called Miro
- You will a preconfigured settings determined to provide only that Miro's need and to let you know what you need to find from Miro.
- You will arrive on the form to complete.
Create application (form fields)
| Field | Value |
| Service Provider Entity ID | https://miro.com/ |
| Callback URL (= Assertion Consumer Service (ACS) URL) | https://miro.com/sso/saml |
| SAML Sign-in URL | https://ca.auth.kzero.com/realms/Randintegration/protocol/saml |
Tenant certificate | Key x.509 Certificate |
- Click on copy content to get the Key x.509 certificate required by Miro, go back to the app and paste it.
- Click on Add integration
- Now, look on the left side and click on Advanced Console.
- Select Client, search for the integration you just created.
- Verify the following parameters:
General settings
| Setting | Value |
| Client ID | https://miro.com/ |
| Name | Miro |
| Description | SSO Integration for Miro |
| Always Display in UI | ON |
Access settings
| Setting | Value |
| Home URL | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml/clients/<APP_NAME> |
| Valid Redirect URIs | https://miro.com/* |
| IDP-Initiated SSO URL Name | <APP_NAME> |
SAML Capabilities — defaults if not specified
| Setting | Value |
Name ID format | email |
| Force Name ID Format | OFF |
| Force POST Binding | ON |
| Include AuthnStatement | ON |
Signature & Encryption — defaults if not specified
| Setting | Value |
| Sign Documents | OFF |
| Sign Assertions | ON |
- Now that you have checked the different parameters, change to the tab called Keys.
- Make sure that both parameters are switched to OFF.
- Now go to the Advanced tab.
- The field Assertion Consumer Service POST Binding URL must equal the Valid Redirect URIs (ACS) = https://miro.com/sso/saml
Related Articles
Mulesoft - SSO Integration
This application has been formally tested by Kelvin Zero Inc. This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Mulesoft using Multi-Pass. SSO simplifies user authentication by allowing access to multiple ...D2L Brightspace - SSO Integration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...Pipedrive – SSO configuration
This application has been formally tested by Kelvin Zero Inc. This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Pipedrive using Multi-Pass. SSO simplifies user authentication by allowing access to multiple ...Checkpoint - SSO Configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Checkpoint using MPAS. SSO simplifies user authentication by allowing access to multiple ...BambooHR - SSO Configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Bamboo HR using MPAS. SSO simplifies user authentication by allowing access to multiple ...