Knowledge Base

Using Pipedrive single sign-on with Microsoft Entra ID

BF
Breandan Flood, October 8, 2025
Note: This setup can only be performed by an admin user in both Microsoft Entra ID and Pipedrive.

Pipedrive’s single sign-on (SSO) feature integrates with Microsoft Entra ID (formerly Azure AD) to ensure that your team can access Pipedrive easily using your identity provider.


What is single sign-on (SSO)?

Single sign-on allows users to access Pipedrive using their Microsoft Entra ID credentials. It enhances security, reduces password fatigue and provides administrators with centralized control over user access.


Prerequisites

Before you begin, make sure:

  • You’re an admin user in both Pipedrive and Microsoft Entra ID
  • You can access Company settings > Single sign-on in Pipedrive
  • To write down your Pipedrive subdomain (e.g., companyname.pipedrive.com)

Installing Pipedrive in Entra ID

Note: For an in-depth guide on integrating Entra ID and Pipedrive, refer to this support page.

Start by going to your Entra ID account in Microsoft and selecting Identity > Enterprise applications > + New application.

From there, use the search bar to find Pipedrive and select it as the option.

Then click “Create” to add it to your enterprise applications.

Note: You can also rename your app connection during this step under Name.

Setting up SSO

Note: You can also find your SSO options by going to your enterprise applications and selecting Pipedrive.

After adding Pipedrive as an app, you’ll be redirected to a window with the details about your new connection.

From here, click “Single sign-on” and then select “SAML” from the available method options.


Configuring SAML in Microsoft Entra

First, open Pipedrive on a separate browser tab with the details you‘ll need to copy. Click your account menu > Company settings > Single sign-on.

You‘ll copy the data that’s under SAML configuration for your Identity Provider (IDP) over to the Basic SAML Configuration section, following the table below:

SSO data from Pipedrive

Where to paste it into Microsoft Entra

Metadata url: https://<COMPANY-NAME>.pipedrive.com/sso/auth/samlp/metadata.xml

Under “Identifier (Entity ID)”, click “Add identifier” and paste it in the text field.

Single Sign On (SSO) url: https://<COMPANY-NAME>.pipedrive.com/sso/auth/samlp

Under “Reply URL (Assertion Customer Service URL),” click “Add reply URL” and paste it in the text field.

Click “Save” at the top of the Microsoft Entra Basic SAML configuration page.

You should see a notification that your configuration was successfully saved.

Click the “X” at the top right corner to close the window.

Note: You can skip the testing for now; we‘ll get back to it later when everything is set up and working properly.

Under Attributes & Claims, make sure the field “Unique User Identifier” refers to user.userprincipalname, there‘s no need to change or add anything else.

Assigning users in Microsoft Entra

Still on the Microsoft Entra website, navigate to Users and groups > + Add user/group to open the Add Assignment screen.

On the Add Assignment panel, under Users, click “None Selected” to bring up the user selection panel.

On the following screen, select the users who will use the single sign-on and click on “Assign.”

Note: Email addresses must match perfectly between Pipedrive and Microsoft Entra ID, including capitalization. Any small difference will prevent single sign-on from working.

Configuring SAML on Pipedrive

Now you‘ll fill in the data in the SAML configuration for Pipedrive section of the Single sign-on area.

On the Microsoft Entra side, head over to sections 3 “SAML Certificates” and 4 “Set up Pipedrive” of the Single sign-on section.

There, you‘ll need to:

  • Copy App Federation Metadata Url under section 3 and paste it into Issuer (in Pipedrive)

  • Login URL under section 4 and paste it into Single Sign On (SSO) url (in Pipedrive)

Then:

Click on “download” next to “Certificate (Base 64),” open it in any text editor application, copy its contents and paste it into X.509 certificate (in Pipedrive).

Data from Microsoft Entra

Where to paste in Pipedrive

App Federation Metadata Url

Issuer

Login URL

Single Sign On (SSO) url

Certificate (Base 64)

X.509 certificate

After pasting the required data, go back to Pipedrive and click “Save and test.”

If the test fails, ensure that all URLs and certificates are correct and that your user emails used in Pipedrive match perfectly with the list on Microsoft Entra.

You can also try generating the enterprise application from scratch a second time, as this approach has proven successful on several occasions.

If you still can’t connect, contact Pipedrive support.

The final step is to toggle “Enable for users” at the bottom to activate single sign-on on Pipedrive.

Note: To disable password access to Pipedrive and rely on SSO alone, click “Enforce SSO login.”
Was this article helpful?

Yes

No

Related articles

Got any questions?

Contact us