OpenID stands out for its wide compatibility with nearly all SSO providers, often referred to as Identity Providers or IdPs, including industry leaders like Okta, Azure, Google, OneLogin, and PingFederate. This integration allows Deel users to enforce a uniform login method across various contract types and client admin roles, enabling them to sign in through their preferred provider.
This article explains how to set up and use the OpenID Connect integration with Azure as the Identity Provider, so your organization can rely on Single Sign-On and require employees to authenticate using your Azure Users directory.
In this article:
How to connect the OpenID Connect Connector integration
How to set up a new Azure Enterprise Application
Before you begin
Before proceeding, check out the initial How to configure OpenID article.
How to connect the OpenID Connect Connector integration
To set up SSO using the OpenID Connect protocol, you need to connect to the "OpenId Connect" integration. Only organization admins are able to connect integrations on behalf of the organization.
✅ Step 1 - Once logged in, select the Hub icon and click on the App tab.
✅ Step 2 - Look for OpenId Connect and click on it.
✅ Step 3 - Now click on "Connect OpenId Connect" and enter the integration setup. Keep this screen open; its fields are filled in with values from Azure.
How to set up a new Azure Enterprise Application
✅ Step 1 - In the Azure portal, go to the Entra ID service.
✅ Step 2 - Click "Add" > App Registration on the top left.
✅ Step 3 - Give it a name, for example, "Deel", choose your desired Supported Account Types, and leave Redirect URL blank for now, to be revisited later. Then click on Register.
✅ Step 4 - Copy the "Application (client) ID" and paste it into the Client ID field in the Deel configuration.
✅ Step 5 - Now, click on Endpoints, at the top, and copy the "OpenID Connect metadata document" URL. Paste that URL into the Well-known URL field in the Deel configuration.
✅ Step 6 - The next step is to create a new secret. Click on "Certificates & secrets" on the left, then, under the "Client secrets" tab, click on "New client secret".
✅ Step 7 - Enter a name, choose the desired expiration date, and click "Add". Important: When this secret expires, the integration will stop working, and will need to be set up again.
✅ Step 8 - Copy the secret Value, and paste it into the Client Secret field in the Deel configuration.
✅ Step 9 - Now you can save your Deel configuration. Click on "Connect & Go To Settings".
✅ Step 10 - In the Single Sign-On options, enter a name, and copy the Redirect URL.
✅ Step 11 - Back in Azure's app configuration, click on Authentication, on the left, then click on "Add a platform".
✅ Step 12 - Select the "Web" option, paste the Redirect URL in the "Redirect URIs" field, and save by clicking on "Configure".
✅ Step 13 - Now, go to Branding & properties, on the left, and paste the Redirect URL in the "Home page URL" field.
✅ Step 14 - Next, go to "API permissions", and grant admin consent for Default Directory, so the application has consent to send user information to Deel.
✅ Step 15 - With the app created, go back to Entra's Default Directory > Enterprise Applications. Select the just created application.
✅ Step 16 - Assign the users who should have access to this application.
✅ Step 17 - Go to "Properties". Make sure the app is enabled for users to sign in and is visible to users, and choose whether or not the application requires assignment to show up to users.
✅ Step 18 - The last step is to go back to Deel, and click on "Enable" to enable the SSO Integration.
Once enabled, the organization will require SSO for any employee to log in.
To disable SSO at any given time, go back to this integration, and click on More > Disconnect.
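Because an expired client secret (Step 7) or a mismatched redirect URL (Step 12) stops sign-in for the whole organization, it helps to audit the app registration periodically. The following is an added example, not part of Deel's or Microsoft's documentation: it assumes the registration has been exported as JSON in the Microsoft Graph application format (for instance with `az ad app show --id <client-id>`); the function names, the 30-day warning window, and all sample values are illustrative placeholders.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like a Microsoft Graph application object.
# The appId, URLs and dates are placeholders, not real values.
SAMPLE_APP = json.loads("""
{
  "appId": "00000000-0000-0000-0000-000000000000",
  "displayName": "Deel",
  "web": {"redirectUris": ["https://sso.example.invalid/callback"]},
  "passwordCredentials": [
    {"displayName": "deel-sso", "endDateTime": "2025-03-01T00:00:00Z"}
  ]
}
""")


def _parse_utc(ts):
    # Graph timestamps are UTC and may carry fractional seconds; keep whole seconds.
    return datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def audit_app(app, expected_redirect, now, warn_days=30):
    """Return a list of findings for the SSO app registration (empty = healthy)."""
    findings = []
    uris = (app.get("web") or {}).get("redirectUris", [])
    if expected_redirect not in uris:
        findings.append("redirect URL from Deel is not registered (Step 12)")
    for uri in uris:
        # Redirect URIs should be exact HTTPS URLs, never wildcards.
        if not uri.startswith("https://") or "*" in uri:
            findings.append(f"weak redirect URI: {uri}")
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        findings.append("no client secret present (Step 6)")
    for cred in secrets:
        days = (_parse_utc(cred["endDateTime"]) - now).days
        name = cred.get("displayName") or "<unnamed>"
        if days < 0:
            findings.append(f"secret '{name}' expired {-days} days ago")
        elif days <= warn_days:
            findings.append(f"secret '{name}' expires in {days} days")
    return findings


if __name__ == "__main__":
    for line in audit_app(SAMPLE_APP, "https://sso.example.invalid/callback",
                          datetime.now(timezone.utc)):
        print(line)
```

Pass the Redirect URL copied in Step 10 as `expected_redirect`, and run the check on a schedule so a new secret can be created before the current one expires.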