Skip to main content

DeepL Support Chat

To start a chat, please log in.

Single Sign-On (SSO)

Set up JIT group synchronization: OpenID Connect and OneLogin

Content is translated from English using DeepL Pro.
Required plan: DeepL Pro Advanced, Team, Ultimate, Business, Enterprise, Voice for Conversations, Voice for Meetings or Write Pro
These setup instructions are only available in English.

Prerequisites

  • Single sign on (SSO) is setup for DeepL. If you haven't set up SSO, follow the instructions in this article.
  • Protocol: OIDC (Open ID Connect)
  • Identity provider: OneLogin

To use Just-In-Time (JIT) provisioning with group synchronization, you need to update your SSO configuration in both DeepL and your OneLogin instance. 

 

Set JIT group synchronization in OneLogin

Edit groups parameter

  1. Select Parameters from the left-side menu.
    There is a default parameter called Groups.
  2. Click on the parameter Groups and select the following in section Default if no value is selected.
    • User Roles
    • Semicolon Delimited input (Multi-value output)
  3. Save the changes.
The configuration also works if you source the OneLogin directory from Microsoft Entra ID.

Set up roles and grant access

  1. Go to Users and select Roles.
  2. Click on New Role, enter a role name and select the DeepL application.
  3. Save the changes.
  4. Add all roles necessary for DeepL user access.
  5. Go to Applications and select the DeepL application.
  6. Select Access from the left-side menu.
  7. Select the roles you’ve created for DeepL access.
  8. Add users to the created roles. 

 

Enable JIT group synchronization in DeepL account

  1. Go to Settings in your DeepL admin account
  2. In section Team and Single sign-on click Edit.
  3. Enter the following information from OneLogin.
    • OpenID Connect metadata
      You find the Well-known configuration URL in OneLogin under SSO and Issuer URL. Right-click on the URL and select Copy link address.
    • Client Secret
    • Enter groups as the Group Claim Name.
  4. Enable JIT Group Sync. The user’s group memberships will be read by DeepL during the login.

OneLogin_SSO_config_account_screen.png

 

Set up groups in DeepL account

  1. Go to tab Groups and click on Create Group.

    JIT Provisioning Group Sync does not create groups based on the OIDC token. If the token includes groups that do not exist in DeepL, that group information will be ignored, and the user is added only to the Default group. For more information, see this article.

  2. Enter a Group name.
    We recommend using the same name that you used for your roles in OneLogin. However, you may choose a different name, e.g., if your organization uses concealed role names in the identity provider.

  3. Enter the Role name string from OneLogin under Group ID in your DeepL account.

    The group ID is handled as case-sensitive. Check that you entered the correct lower and upper case writing of the role name from OneLogin.

    OneLogin_roles_for_access.png

  4. Select one or several subscriptions the user group should have access to.
    DeepL_add_groupID.png
  5. Click on Create group to save the changes.
  6. Repeat this process for each role from your OneLogin instance. As a result, the roles you have granted access to the DeepL application will be reflected in your DeepL Account.
  7. Before testing, contact us by creating a request.
    Wait for the confirmation from our side.
  8. Test the SSO login with a user. Once the user logs in, they will be automatically assigned to the DeepL group or groups that match the OneLogin group based on the configured Group ID.
Was this article helpful?
0 out of 0 found this helpful
Your article rating has been submitted. Thank you!
Have more questions? Submit a request
Return to top

Related articles