Content is translated from English using DeepL Pro.
Required plan:
DeepL Pro Advanced, Team, Ultimate, Business, Enterprise, Voice for Conversations, Voice for Meetings or Write Pro
These setup instructions are only available in English.
Prerequisites
- Admin access to DeepL
- Protocol: SAML 2.0
- Identity provider: Microsoft Entra ID (formerly AzureAD)
- A company domain has been defined for the DeepL environment. For further information please check Setting up SSO for teams.
You have two options to provision users after setting up SSO for your team.
Set the SSO configuration in Microsoft Entra ID
Register an enterprise application
- Go to your Microsoft Entra ID instance and select Enterprise apps in the left-side panel.
- Click on New application in the top panel.
- Click on Create your own application in the top panel.
- Enter DeepL SSO under What's the name of your app?.
- Select Integrate any other application you don't find in the gallery (Non-gallery) and click Create.
Configure assignment
- Select Enterprise applications in the left-side menu
- Select the application that has been created automatically
- Select Properties from the left-side panel
- Check if Assignment required? is set to Yes
Configure single sign-on
- Select Single sign-on from the left-side panel and select SAML
- Click Edit next to Basic SAML Configuration
-
Under Identity (Entity ID) click Add identifier and enter
https://w.deepl.com/auth/realms/prod -
Under Reply URL (Assertion Consumer Service URL) click Add reply URL and enter
https://w.deepl.com/auth/realms/prod/broker/ALIAS/endpoint(Replace ALIAS with your chosen company SSO domain. The ALIAS value can be found under Company SSO domain in the SSO configuration area in your DeepL account.)
- Save the changes
- Click Edit next to Attributes & Claims
- Check if the following claims and attributes are set
- givenname
- surname
- emailaddress
- Click on Unique User Identifier (Name ID)
-
Select Persistent for the Name identifier format
Select user.pairwiseid for Source attribute
Save the changes - Click Edit next to SAML Certificates to check if SHA-256 or SHA-512 is enabled.
- Download the Federation Metadata XML under SAML Certificates
Set the SSO configuration in DeepL accounts
- Go to the Settings tab in your DeepL admin account.
Under Team and Single sign-on the SSO domain has the status Domain name approved. - Click Set up SSO next to Single sign-on.
In the Set up SSO form select SAML as the Authentication type - Select Import from file and upload the xml file you've saved from your Entra ID SAML configuration
- Set NameID policy format to Persistent
- Enter the following
- Assertion attribute: First name = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
- Assertion attribute: Last name = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
- Assertion attribute: Email address = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
You have two options to provision users after setting up SSO for your team.
If you only setting up SSO, test the configuration with a test user and activate SSO in your DeepL admin account.