Prerequisites
- Admin access to DeepL
- Protocol: SAML 2.0
- Identity provider: Microsoft Entra ID (formerly AzureAD)
- A company domain has been defined for the DeepL environment. For further information please check Setting up SSO for teams.
Set the SSO configuration in OneLogin
Add application
- Go to your OneLogin instance and click Applications.
- Click on Add Apps.
- Search for the SAML connector SAML Custom Connector (Advanced).
- Enter DeepL SSO under Display Name and keep Visible in portal enabled.
- Upload the DeepL icon and Save.
- Select Configuration from the left-side menu.
-
Enter the following under Audience (EntityID)
https://w.deepl.com/auth/realms/prod -
Enter the following under Recipient, ACS (Consumer) URL Validator, and ACS (Consumer) URL
https://w.deepl.com/auth/realms/prod/broker/ALIAS/endpoint(Replace ALIAS with your chosen company SSO domain. The ALIAS value can be found under Company SSO domain in the SSO configuration area in your DeepL account.)
-
Enter the following under Login URL
https://alias.sso.deepl.com/(Replace ALIAS with your chosen company SSO domain. The ALIAS value can be found under Company SSO domain in the SSO configuration area in your DeepL account.)
-
Set SAML initiator to Service Provider and SAML nameID format to Persistent
-
Add parameters
- Select Parameters form the left-side menu
- Click on the plus icon in the right side
- Add following three SAML assertions with the following Field name and Value
-
firstName: First Name
-
email: Email
-
lastName: Last Name
-
Get Metadata URL
- Select SSO from the left side menu
- Copy the metadata URL from Issuer URL and use it to continue to set the SSO configuration in DeepL admin account. For more information, see Set the SSO configuration in DeepL account.
- Check if SHA-256 or SHA-512 is selected under SAML Signature Algorithm
- Save the changes
Set the SSO configuration in DeepL account
- Go to the Settings tab in your DeepL admin account.
Under Team and Single sign-on the SSO domain has the status Domain name approved. - Click Set up SSO next to Single sign-on.
In the Set up SSO form select SAML as the Authentication type - Select Import from URL paste the Metadata URL from OneLogin. For more information, see Get Metadata URL.
- Set NameID policy format to Persistent
- Enter the following
- Assertion attribute: First name = firstName
- Assertion attribute: Last name = lastName
- Assertion attribute: Email address = email
Give user access
- Go to your OneLogin instance and click Applications
- Select the DeepL application
- Select Access from the left-side menu
- Select the role you’ve created for DeepL access. If you haven't created a role yet, go to Users and select Roles.
- Save the changes
If you only setting up SSO, test the configuration with a test user and activate SSO in your DeepL admin account.