Skip to main content
All CollectionsIntegrations
SSO for Microsoft ActiveDirectory / Entra ID
SSO for Microsoft ActiveDirectory / Entra ID

Set up single sign-on with Microsoft Azure.

Nicole Capobianco avatar
Written by Nicole Capobianco
Updated over 9 months ago

ℹ️ Available on Premium and Supreme.

* NOTE: Trial accounts are restricted to Google SSO. Contact our Support team via the in-app chat at the bottom-right of your screen, or email support@perdoo.com, if this is a hindrance to your trial process.


💡 Pro tip: You can add 2FA (two-factor or multi-factor authentication) through our Single Sign-On (SSO) integration. Most SSO providers (Microsoft Azure, SAML, Google, etc.) allow you to enforce 2FA. Once this is enforced, 2FA will also be a requirement to log in to Perdoo.


Set up SSO with ActiveDirectory / Entra ID

2. From All services, search and select Enterprise applications service

3. Click New application

4. Click Create your own application

5. Give it a name and click Create.

6. Once it’s been created, go to Single Sign On and select SAML

7. Under Identifier (Entity ID), add the generic metadata url https://api-eu.perdoo.com/metadata/

8. Under Reply URL (Assertion Consumer Service URL) add the Service Provider ACS URL from Perdoo and hit Save.

Copy the URL you find in Configure > Integrations > SSO into Azure, it'll look like this:

9. Copy the Login URL into the SSO URL field in Perdoo, and the Azure AD Identifier into the Perdoo Entity ID field.

10. From the Azure navigation menu on the left, go to User Attributes & Claims, set user.mail as Name identifier value > Source attribute:

In Manage user claims set Source attribute as user.mail

11. Download the SAML Signing Certificate (Base64), and open it in a text editor. Then copy it into the IdP Certificate field in Perdoo.

12. Finally, test the connection. You’ll need to add some users or groups under Users and groups first.


FAQs

How do I get the attributes Firstname, Lastname, and Job Position updated?

  • For provisioning via SAML SSO, use the following fields: first_name , last_name, and job_position.

What happens when a user’s details are updated, for example job title or email? Would it automatically update in Perdoo?

  • No, it currently only copies it over upon creation. All fields, including email, are only copied over when the user is created and not on every login.

Is it possible to auto-populate Manager and Groups from our Azure?

  • Not currently, but we’re working on a way to make this possible.


Need a hand?

Contact our friendly Support team via the in-app chat at the bottom-right of your screen, or email support@perdoo.com.

Did this answer your question?