Knowledge Base

If you have a big Sales team, you know the administrative pain of creating multiple new accounts every time someone joins your team.

To help you cut back onboarding time and overheads, we have single sign-on – or SSO.

Setting up SSO

An account with SSO enabled only requires one set of logins for all of your users. You can set up an account for them in your system and they'll automatically have login credentials for Pipedrive, saving your team time and effort.

To configure SAML settings for single sign-on, account settings admin users can go to Company settings > Single sign-on in their company Pipedrive account.

You'll need to enter several keys and certificates that your internal IT team should be able to provide. Once you‘ve tested the provided information and confirmed that it works, click “Enable for users.”

The information will need to be copied over to your SSO provider. We have more information on how to set up SSO for the most popular SSO providers here:

• SSO with Entra ID (formerly Azure AD)
• SSO with Okta

User access

Granting users access

A user must be given access to Pipedrive in your SSO provider (e.g., Okta) settings before they can log in to Pipedrive using SSO.

If the user is already active in Pipedrive using the same email, a user verification flow will activate.

Logging in and logging out

Go to your account's settings to set up log in with single sign-on.

Deactivating a user

When deactivating a Pipedrive user through your SSO system, keep the following things in mind:

• Deactivating a user disables their login credentials. If you don't intend to replace that user, make sure to remove the seat as well to avoid any unexpected charges on your invoice.
• While the user's login credentials will be disabled, they can still access their account for up to thirty days if they remain logged in. To prevent any issues, we suggest asking users to log out of Pipedrive before deactivating them in both Pipedrive and your SSO provider.