OpenID stands out due to its wide compatibility with nearly all SSO providers, including industry leaders like Okta, OneLogin, Google, and Pingfederate, often referred to as Identity Providers or IdPs. This integration allows Deel users to enforce a uniform login method across various contract types and client admin roles, enabling them to sign in through their preferred provider.
This article explains how to set up and use the OpenId Connect Integration so your organization can rely on Single Sign-On, using Microsoft Entra ID as the Identity Provider, and require employees to authenticate using your Microsoft Entra ID Users directory.
In this article:
- Before you begin
- How to connect the OpenId connect connector
- How to set up a new Microsoft Entra ID Enterprise application
Before you begin
Before proceeding, check out the initial How to configure OpenID article.
How to connect the OpenId Connect Connector integration
To set up SSO using the OpenId Connect protocol, you need to connect to the OpenId Connect integration.
✅ Step 1 - Go to More > Apps > and search for OpenId Connect.
✅ Step 2 - Enter the integration setup. Keep this screen open to get these fields from Azure.
How to set up a new Microsoft Entra ID Enterprise Application
✅ Step 1 - In the Microsoft Entra ID portal, go to the Entra Id service.
✅ Step 2 - Click Add > App Registration.
✅ Step 3 - Give it a name, for example, Deel. Choose your desired Supported Account Types, and leave Redirect URL blank for now, to be revisited later. Then click on Register.
✅ Step 4 - Copy Application (client) ID and paste it on the Client ID field, on Deel configuration.
✅ Step 5 - Now, click on Endpoints and copy the OpenID Connect metadata document url. Paste that URL in the Well-known URL field, on Deel configuration.
✅ Step 6 - Create a new secret. Click Certificates & secrets, then New client secret.
✅ Step 7 - Enter a name, choose the desired expiration date, and click Add.
✅ Step 8 - Copy the secret Value and paste it into the Client Secret field on Deel configuration.
✅ Step 9 - Click Connect & Go To Settings.
✅ Step 10 - In the Single Sign-On options, enter a name and copy the Redirect URL.
✅ Step 11 - Back to Microsoft Entra's app configuration, click Authentication, then Add a platform.
✅ Step 12 - Select Web, paste the Redirect URL in the Redirect URIs field, and click Configure.
✅ Step 13 - Go to Branding & properties and paste the Redirect URL in the Home page URL field.
✅ Step 14 - On the API permissions page, grant admin consent for Default Directory, so the application has consent to send users information to Deel.
✅ Step 15 - With the app created, go back to Entra's Default Directory > Enterprise Applications and select the just-created application.
✅ Step 16 - Assign the users to give access to this application.
✅ Step 17 - Go to Properties and ensure the following:
- The app is enabled for users to sign in
- The app is visible to users
- Whether or not the application requires assignment to show up to users
✅ Step 18 - Go back to Deel and click Enable to enable the SSO Integration.
Once enabled, the organization will require SSO for any employee to log in.
To disable SSO at any given time, go back to this integration and click on More > Disconnect.