User Management: Single Sign-On (SSO) Guide

Overview

Single Sign-On (SSO) is the requirement most frequently requested by enterprise organizations looking to adopt new SaaS applications like DocJuris. SSO enables authentication via an organization's Identity Provider (IdP), such as Google Workspace or Okta, as opposed to users or IT admins managing hundreds, if not thousands, of usernames and passwords. Adding SSO to DocJuris facilitates greater security, easier account management, and accelerated application onboarding and adoption.

SSO at DocJuris

DocJuris' Single Sign-On capabilities are compatible with any Identity Provider and support both the SAML and OpenID Connect protocols. Below are a few of DocJuris' SSO options. If you connected to DocJuris via Azure AD or Okta prior to January 2022, please see our instructions below on how to migrate to our latest SSO services.

SSO works separately or in tandem with Directory Sync.

Restrictions and Considerations

  • By design, a user cannot log in with a password when SSO is active
  • IT admins are complimentary users in the DocJuris app and can follow the steps to configure SSO below; however, they cannot access other features

Configuration Steps for New Connection

  1. Invite IT Administrator — To get started, create or assign the IT Administrator role to a User on your Team.
  2. Open SSO Settings — The SSO portal can only be managed by IT Administrators. Click the Single Sign-On Settings button to open DocJuris' SSO configuration wizard.
  3. Select an Identity Provider — The first step is to pick an Identity Provider. DocJuris supports many options.

    Once you have selected your Identity Provider, follow the prompts to proceed with the SSO setup. After successfully completing the steps and testing your connection, you will arrive at a confirmation screen.
  4. Confirm Activation in DocJuris — Not done yet! Once your SSO settings are complete, return to the Single Sign-On Portal section of DocJuris' Settings and confirm that SSO does not need to be "Activated." If you see Deactivate, your environment is ready.

Migrating From DocJuris' Older SSO Services Prior to January 2022

Previously, DocJuris provided Azure AD via OpenID Connect and Okta to establish SSO services. We strongly recommend migrating to our latest SSO services using the steps below.

  1. Follow the steps for configuring a new connection above. To avoid disruption, DocJuris allows you to configure a new connection to our latest SSO services prior to disconnecting your current, legacy SSO service. The main difference is that you will find two rows in your SSO settings. To start DocJuris' newer SSO services, open settings for DocJuris' "Single Sign-On Portal."
  2. Activate the new service. Activating the new Single Sign-On Portal service will deactivate the legacy connection. At any time, you can switch back or reach out to us with any questions.

FAQ

How are users provisioned?

Once SSO is enabled, any user that logs in at app.docjuris.com will be just-in-time provisioned. For more automation, enable Directory Sync. Directory Sync connects DocJuris to your user directories, keeping DocJuris informed of any changes in your users, groups, and access rules.

What roles are users provisioned into?

Any user that logs in at app.docjuris.com will be just-in-time provisioned as a Business User. Their access to playbooks and contracts inside DocJuris will need to be manually adjusted by an administrator in DocJuris. Our user roles are Business User, Legal User, DocJuris Administrator, and IT Administrator. For a description of roles, please see Adding and Managing Users.

How can I test and activate a connection?

DocJuris SSO setup allows you to activate or deactivate an SSO configuration. In addition, DocJuris' SSO workflow has built-in testing protocols that are available in the user interface.