Skip to main content

DeepL Support Chat

To start a chat, please log in.

Single Sign-On (SSO)

Set up JIT group synchronization: OpenID Connect and Okta

Content is translated from English using DeepL Pro.
Required plan: DeepL Pro Advanced, Team, Ultimate, Business, Enterprise, Voice for Conversations, Voice for Meetings or Write Pro
These setup instructions are only available in English.

Prerequisites

  • Single sign on (SSO) is setup for DeepL. If you haven't set up SSO, follow the instructions in this article.
  • Admin access to DeepL
  • Protocol: OIDC (Open ID Connect)
  • Identity provider: Okta

To use Just-In-Time (JIT) provisioning with group synchronization, you need to update your SSO configuration in both DeepL and your Okta instance. 

 

Set the JIT group synchronization in Okta

  1. Go to your Okta instance and open the Applications section.
  2. Open your DeepL application.
  3. Go to the Sign On tab.
  4. Click Edit next to OpenID Connect ID Token.
  5. Select Filter for Groups claim type.
  6. For Groups claim filter enter groups, select Matches regex, and enter .*.

 

Enable JIT group synchronization in DeepL account

  1. Go to Settings in your DeepL admin account
  2. In section Team and Single sign-on click Edit.
  3. Enter the following information from Okta.
  4. Enable JIT Group Sync. The user’s group memberships will be read by DeepL during the login.

Setup groups

  1. Go to Okta.
  2. Create groups for the DeepL access and add users to the groups.
  3. Open the DeepL SSO application and select the Assignments tab.
  4. Click on Assign and select Assign to Groups.
  5. Go to your DeepL account.

  6. Create the same groups that you created in your Okta instance to manage your users.

    JIT Provisioning Group Sync does not create groups based on the OIDC token. If the token includes groups that do not exist in DeepL, that group information will be ignored, and the user is added only to the Default group. For more information, see this article.
  7. Go to the Groups tab and click on Create group.
  8. Enter a Group name.
    We recommend using the same name that you used for your groups in Okta. However, you may choose a different name, e.g., if your organization uses concealed group names in the identity provider.
  9. Enter the group name string from Okta under Group ID.
  10. Select one or several subscriptions the user group should have access to.
  11. Click on Create group to save the changes.
  12. Repeat this process for each group from your Okta instance. As a result, the groups you have granted access to the DeepL application will be reflected in your DeepL account.

 

Edit bookmark app

  1. Go to your DeepL bookmark app.
  2. Assign the same user and groups to the bookmark app as you have to the DeepL SSO app.
  3. Before testing, contact us by creating a request. Wait for the confirmation from our side.
  4. Test the SSO login with a user. Once the user logs in, they will be automatically assigned to the DeepL group or groups that match the Okta group based on the configured Group ID.
Was this article helpful?
0 out of 0 found this helpful
Your article rating has been submitted. Thank you!
Have more questions? Submit a request
Return to top

Related articles