If your company has different DeepL subscriptions, you can enable SSO login for all (potential) team members of these subscriptions under a single identity provider.
This can benefit companies with different subsidiaries or other instances related to the same company that each have their own DeepL subscription.
To enable this option, we make use of Microsoft Azure Active Directory (AAD) multi-ACS (Assertion Consumer Service) capability.
Required:
-
Microsoft Azure Active Directory (P1, P2, or higher)
Other identity providers do not yet support multi-ACS. - SAML 2.0 as authentication protocol
Step 1: Define domain names
To set up SSO login for your teams, you need to define a domain name for each subscription:
- Reach out to your Sales Manager to request a domain name
- Wait for approval of your domain name
More information about how to set up a domain name and the stages of the approval process can be found here.
If you already have approved domain names for all subscriptions, you can continue to step 2.
Step 2: Set up an application in your identity provider
Next, in AAD, you need to configure one single DeepL SAML application with multiple ACS URLs, where each one corresponds to a single DeepL subscription.
You can download an in-depth step-by-step guide including troubleshooting instructions for Microsoft Azure Active Directory (AAD) here.
DeepL doesn't support IdP-initiated (Identity Provider) SSO login.
Step 3: Test the configuration
Next, you will be able to test the SP-initiated login.
If you haven't set up SSO for one of your subscriptions yet, you first need to complete step 2 described in this article.
To test the SP-initiated login as a team member (instead of a team admin), you can choose between the following options:
- Go to deepl.com > Log in > Continue with SSO > Enter the company SSO domain
Result: Your DeepL user is created in the corresponding DeepL subscription for which you entered the SSO domain. - Use the SSO domain (company.sso.deepl.com)
If you haven’t set up SSO for your team already, your team shouldn't log in via SSO yet and should continue to use the standard login with email address and password.
If you successfully logged in with SSO, you can proceed to SSO activation for the organizations that haven’t completed the SSO setup yet. You can learn more about SSO activation for SAML under step 4 in this article.