Set up Microsoft Entra (Azure) Single Sign-On (SSO)

This guide provides all you need to know about configuring and testing your Microsoft Entra (Azure) single sign-on (SSO) integration with Perlego.

Included: Enhanced, Ultimate
Add-on required: Essentials
Read more about plans and add-ons.

Table of contents

  1. Configuration
    1. Share your tenant ID
    2. Permissions and Attribute release
    3. Why must I accept there permissions?
  2. What we don't support

Configuration

Before you start the configuration make sure:

  • Your organisation is on the Enhanced or Ultimate plan OR you have purchased the SSO integration as an add-on.
  • You have access to the Azure admin portal.
  • You have an SSO account you can test with (this might be the same email address as your admin account).
  • You have the Perlego admin access link.

 Share your tenant ID

You’ll need to tell us your Azure Active Directory tenant ID. It should have a format similar to this: b409c5eb-9a24-4763-a43e-66e198493e81

Send us your Tenant ID by completing the Single Sign-On set up form.

Permissions and attribute release

We’ll let you know when SSO has been added to your account.

Next you need to grant the required permissions to Perlego.

The easiest way to do this is by logging in to Perlego for the first time using your admin access link. This will allow you to test the SSO is working at the same time as granting the required permissions.

  1. Open the access link and accept the terms and conditions.
  2. Click Create your account.
  3. You’ll be re-directed to your Azure authentication page.
  4. Enter the credentials for your Azure Admin account. If you are already logged into Azure on your browser you’ll skip this step. You must use an account that has admin level permissions within Azure.
  5. You’ll be prompted to accept the required permissions on behalf of your organisation. You must accept these permissions for the SSO to work correctly. Once accepted, no other users will be prompted to do the same. Untitled (12)
  6. Once accepted, you'll be logged in to Perlego.

The PerlegoSSO will now appear within your Azure portal. To check this:

  1. Login to your Azure portal.

  2. Click View on the Manage Microsoft Entra ID option. Untitled (10)

  3. In the left sidebar, select Enterprise applications.

  4. The PerlegoSSO application will be listed.Untitled (11)


If users are experiencing permissions errors whens signing up, you can re-grant the permissions from Enterprise applications > PerlegoSSO in the Azure portal.

  1. Go to Enterprise applications > PerlegoSSO.
  2. Under Security in the left side bar, select Permissions.
  3. Click on Grant Admin Consent for Perlego.
  4. Accept the permissions. Untitled (13)

Once accepted, go to your Perlego access link and test logging in with SSO.

You can always check the account has been added by visiting the Perlego Organisation Subscription Manager.

Why must I accept these permissions?

By accepting these permission you are ensuring the following attributes below are released through the Microsoft Graph. Documentation can be found in Microsoft's support guides.

Attribute Perlego account field
givenName First name
surname Last Name
userPrincipalName Email

This ensures the user profile in Azure can be matched and maintained against the user profile with Perlego.

What we don't support

We don’t currently support the following:

  • Restricting access to Perlego based on Microsoft Azure Active Directory Groups.
  • Active Directory Federation Service (ADFS)