
SSO for Microsoft ActiveDirectory / Entra ID

Set up single sign-on with Microsoft Azure.

Updated over 2 weeks ago

ℹ️ Available on Premium and Supreme.

* NOTE: Trial accounts are restricted to Google SSO. Contact our Support team via the in-app chat at the bottom-right of your screen, or email support@perdoo.com, if this is a hindrance to your trial process.


💡 Pro tip: You can add 2FA (two-factor or multi-factor authentication) through our Single Sign-On (SSO) integration. Most SSO providers (Microsoft Azure, SAML, Google, etc.) allow you to enforce 2FA. Once this is enforced, 2FA will also be a requirement to log in to Perdoo.


Set up SSO with ActiveDirectory / Entra ID

2. From All services, search for and select the Enterprise applications service

3. Click New application

4. Click Create your own application

5. Give it a name and click Create.

6. Once it’s been created, go to Single Sign On and select SAML

7. Under Identifier (Entity ID), add the generic metadata URL https://api-eu.perdoo.com/metadata/

8. Under Reply URL (Assertion Consumer Service URL) add the Service Provider ACS URL from Perdoo and hit Save.

Copy the URL you find in Configure > Integrations > SSO into Azure. It'll look like this:

9. Copy the Login URL into the SSO URL field in Perdoo, and the Azure AD Identifier into the Perdoo Entity ID field.

10. From the Azure navigation menu on the left, go to User Attributes & Claims, set user.mail as Name identifier value > Source attribute:

In Manage user claims set Source attribute as user.mail

11. Download the SAML Signing Certificate (Base64), and open it in a text editor. Then copy it into the IdP Certificate field in Perdoo.

12. Finally, test the connection. You’ll need to add some users or groups under Users and groups first.


FAQs

How do I get the attributes Firstname, Lastname, and Job Position updated?

  • For provisioning via SAML SSO, use the following fields: first_name , last_name, and job_position.

What happens when a user’s details are updated, for example job title or email? Would it automatically update in Perdoo?

  • No, it currently only copies it over upon creation. All fields, including email, are only copied over when the user is created and not on every login.
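
Because these fields are copied only when the user is created, it helps to check a decoded assertion from a test login before real users sign in. The following Python sketch is an added example, not Perdoo's or Microsoft's code: it checks the Audience from step 7, the email NameID from step 10, and the three provisioning fields. It assumes the claims are named exactly `first_name`, `last_name` and `job_position` with no namespace, and the sample assertion is constructed.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_AUDIENCE = "https://api-eu.perdoo.com/metadata/"  # Identifier (Entity ID), step 7
PROVISIONING_FIELDS = ("first_name", "last_name", "job_position")  # field names from the FAQ

# Constructed sample assertion (not a real capture); job_position is deliberately absent.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>ada@example.com</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://api-eu.perdoo.com/metadata/</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="first_name"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="last_name"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text):
    """Return a list of configuration problems found in a decoded SAML assertion.
    Configuration check only: the XML signature is NOT validated here."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD/entity declarations present; refusing to parse"]
    root = ET.fromstring(xml_text)
    assertion = root if root.tag.endswith("}Assertion") else root.find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no saml:Assertion element found"]
    problems = []
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", name_id):
        problems.append(f"NameID {name_id!r} is not an email address (step 10: user.mail)")
    audiences = [a.text.strip() for a in assertion.iterfind(".//saml:Audience", NS) if a.text]
    if EXPECTED_AUDIENCE not in audiences:
        problems.append(f"Audience {audiences} lacks {EXPECTED_AUDIENCE}")
    attrs = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        value = attr.findtext("saml:AttributeValue", default="", namespaces=NS)
        attrs[attr.get("Name")] = value.strip()
    for field in PROVISIONING_FIELDS:
        if not attrs.get(field):
            problems.append(f"attribute {field!r} missing or empty")
    return problems

if __name__ == "__main__":
    for line in check_assertion(SAMPLE) or ["assertion matches the expected settings"]:
        print(line)
```

Run against the constructed sample, it reports the missing `job_position` claim, which would otherwise leave that field empty on the newly created user.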

Is it possible to auto-populate Manager and Groups from our Azure?

  • Not currently, but we’re working on a way to make this possible.

Why do I get the error AADSTS50105 when trying to login via SSO with Azure AD?

  • If you receive the below error message when trying to log in to Perdoo via SSO/SAML, your Azure administrator needs to add you to the correct group so you are able to access Perdoo again.

    • Sorry, but we’re having trouble with signing you in.

      AADSTS50105: Your administrator has configured the application Perdoo (SSO) to block users unless they are specifically granted ('assigned') access to the application. The signed in user is blocked because they are not a direct member of a group with access, nor had access directly assigned by an administrator. Please contact your administrator to assign access to this application.

    • Here are the steps for your Azure administrator:

      • Search for Azure Active Directory

      • Click Enterprise applications

      • Search for Perdoo

      • Click + Add user/group

      • Select the user who needs access to the app

      You can find more information from Microsoft here.


Need a hand?

Contact our friendly Support team via the in-app chat at the bottom-right of your screen, or email support@perdoo.com.
