ℹ️ Premium and Supreme only
* NOTE: Trial accounts are restricted to Google SSO. Contact our Support team via the in-app chat at the bottom-right of your screen, or email firstname.lastname@example.org, if this is a hindrance to your trial process.
In this article:
💡 Pro tip: You can add 2FA (two-factor or multi-factor authentication) through our Single Sign-On (SSO) integration. Most SSO providers (Microsoft Azure, SAML, Google, etc.) allow you to enforce 2FA. Once this is enforced, 2FA will also be a requirement to log in to Perdoo.
Set up SSO with Azure
1. Go to https://portal.azure.com
2. From All services, search and select Enterprise applications service
3. Click New application
4. Select Non-gallery application
5. Give it a name and hit Add
6. Once it’s been created, go to Single Sign On and select SAML
7. Under Identifier (Entity ID), add the generic metadata url https://api-eu.perdoo.com/metadata/)
8. Under Reply URL (Assertion Consumer Service URL) add the Service Provider ACS URL from Perdoo and hit Save.
Copy the URL you find in Configure > Integrations > SSO into Azure, it'll look like this:
9. Copy the Login URL into the SSO URL field in Perdoo, and the Azure AD Identifier into the Perdoo Entity ID field.
10. From the Azure navigation menu on the left, go to User Attributes & Claims, set user.mail as Name identifier value > Source attribute:
11. Download the SAML Signing Certificate (Base64), and open it in a text editor. Then copy it into the Service Provider Certificate field in Perdoo, it should look something like this:
12. Finally, test the connection. You’ll need to add some users or groups under Users and groups first.
How do I get the attributes Firstname, Lastname, and Job Position updated?
For provisioning via SAML SSO, use the following fields:
What happens when a user’s details are updated, for example job title or email? Would it automatically update in Perdoo?
No, it currently only copies it over upon creation. All fields, including email, are only copied over when the user is created and not on every login.
Is it possible to auto-populate Manager and Groups from our Azure?
Not currently, but we’re working on a way to make this possible.
Need a hand? Contact our friendly Support team via the in-app chat at the bottom-right of your screen, or email email@example.com.