Single Sign-On (SSO)
Connect your IdP to Pelanor to facilitate seamless login Sign-On (SSO) using OIDC (OpenIDC Connect).
Before you begin: You’ll need a unique organization_id
.
Contact your Account Manager or Pelanor Support to obtain it.
General Workflow
Create an OIDC application
Register an OIDC app in your IdP (Azure, Okta, or JumpCloud).
Add redirect URI
Use the format:
Environment | Redirect URI format |
---|---|
US (default) | https://app.pelanor.io/api/auth/callback/{idp}-{organization_id} |
EU | https://app-eu.pelanor.io/api/auth/callback/{idp}-{organization_id} |
Replace {idp}
with entra
, okta
, or jumpcloud
and {organization_id}
with your unique value.
Assign users
Assign users in your IdP that should be allowed to access Pelanor.
Send config to Pelanor Support
Share the following with Pelanor:
- Client ID
- Client Secret
- Issuer URL / IdP domain
Wait for confirmation
Pelanor will notify you when the SSO connection is active.
Finding Your Organisation Name
Open the Default Workspace
In Pelanor, go to Settings → Workspaces and click Default Workspace.
Copy the subtitle
The subtitle is your organization name, used for SSO login (lowercase, no spaces).
Logging in with SSO
Go to login page
Open the Pelanor sign-in screen.
Click 'Log in with SSO'
You’ll be prompted to enter your organisation name.
Enter org name and authenticate
Enter your name (e.g., acme
), authenticate via your IdP, and access the platform.
Platform-Specific Instructions
Microsoft Entra ID (Azure AD)
Register the app
Azure Portal → Azure Active Directory → App registrations → New registration
Set redirect URI
Use:
- US:
https://app.pelanor.io/api/auth/callback/entra-{organization_id}
- EU:
https://app-eu.pelanor.io/api/auth/callback/entra-{organization_id}
Create secret and collect info
- Create a secret under Certificates & secrets
- Copy the Client ID and Issuer URL
Assign users
Navigate to Users, and assign Pelanor access.
Okta
Create app integration
Okta Admin Console → Applications → Create App Integration
- Sign-in method: OIDC
- Application type: Web
Set redirect URI
Use:
- US:
https://app.pelanor.io/api/auth/callback/okta-{organization_id}
- EU:
https://app-eu.pelanor.io/api/auth/callback/okta-{organization_id}
Assign users and collect credentials
Assign users under Assignments
Copy the Client ID, Client Secret, and Okta domain
JumpCloud
Add new OIDC app
JumpCloud Admin → USER AUTHENTICATION → SSO Applications → + Add New Application
Choose custom OIDC
Select OIDC / Custom Application, then click Next.
Set redirect URI and grant type
- US:
https://app.pelanor.io/api/auth/callback/jumpcloud-{organization_id}
- EU:
https://app-eu.pelanor.io/api/auth/callback/jumpcloud-{organization_id}
Grant Type: Authorization Code (enable Refresh Token if needed)
Activate and assign
Copy Client ID, Client Secret, and Issuer URL
Assign users via the Assignments tab