English (US)
Deutsch
Español (América Latina)
Français
Português (BR)
Log inTry it free
Knowledge Base
Status
Contact Support
Knowledge BaseStatusContact Support

Knowledge Base

Knowledge Base/Privacy and security/Security features/Using Pipedrive singl...

Topics
Install an app and assign a user
Configuring SSO
Testing the SSO setup

Using Pipedrive single sign-on with Azure AD

BF
Breandan Flood, June 13, 2022
Note: This can only be set up by the admin user in both Azure AD and your Pipedrive account.

Pipedrive's single sign-on (SSO) feature integrates with Azure AD to ensure that your team can access Pipedrive easily using your identity provider.

Install an app and assign a user

The first step for you to set up Pipedrive single sign-on with Azure AD is to install an app. Go to your Azure Portal and, in Azure AD, add a new application.

To do this, go to the sidebar on the left-hand side of the page, select "Enterprise applications - New application" and search for Pipedrive.

Azure AD select PD

You can rename the app if you wish, Pipedrive XYZ in the example below. Next, click "Create".

Pipedrive XYZ

Click into your new app in Azure AD, and add yourself to the app by clicking on the "Assign users and groups" option. To start, add yourself to the account.

Note: The first user added to Azure AD should be an admin user in Pipedrive and Azure AD.

Azure getting started

Configuring SSO

Once you have added yourself to the application, click on the Single-sign-on-option > SAML.

SSO SAML

In your Pipedrive account, go to Settings - Security Centre - Single sign-on.

SSO SLO-Removed


In Azure, go to the Single-Sign-On > SAML section of your Pipedrive app settings and copy and paste the values from your Pipedrive web app settings page.

You should first match the values from the Metadata URL in Pipedrive to the Azure AD Identifier, as well as Pipedrive's single sign-on (SSL) URL to Azure's Reply URL.

SAML
SAML2


Next, in Azure AD you will need to add your User Attributes & Claims.

User A Claims

Once done, you should then copy the App Federation Metadata Url from Azure and paste it to the Issuer field in Pipedrive.

SAML3
SSO


Next, you will need to download the Certificate (Base64) from Azure AD. Once downloaded, open the certificate in any text editor and copy and paste the text to the X.509 certificate field in your Pipedrive SSO settings page.

SAML Cert
Cert blur

You will then need to match your Login Url from Azure to the single sign-on (SSO) URL in Pipedrive.

Login URL
SSO url

Testing the SSO setup

The next step is for you to test your SSO setup. On your Pipedrive SSO settings page, click on "Test". If the setup has been successful, you should see the following message – "SSO login test successful! Enable SSO/SAML for users?"

Note: You should not click "Enforce SSO login" yet.


You can now select "Enable for users" in order to enable the feature. You should then log out from Pipedrive, go to your Office 365 account home page and select your Pipedrive app from your list.

This will initiate an IDP login and, if you are logged in successfully, your SSO has been set up correctly.

If you would like your team to start using SSO, you can go to your Pipedrive SSO settings page and click "Enforce SSO login".

Note: For additional information on setting up SSO with Azure AD, you can read this article.
Was this article helpful?

Yes

No

Related articles

Got any questions?

Contact us