User Management: Single Sign-On (SSO) Guide



Single Sign-On (SSO) is the most frequently asked for requirement by enterprise organizations looking to adopt new SaaS applications like DocJuris. SSO enables authentication via an organization’s Identity Provider (IdP), such as Google Workspace or Okta, as opposed to users or IT admins managing hundreds, if not thousands, of usernames and passwords. Facilitate greater security, easier account management, and accelerated application onboarding and adoption by adding SSO to DocJuris.

SSO at DocJuris

DocJuris' Single Sign-On capabilities is compatible with any Identity Provider and supports both the SAML and OpenID Connect protocols. Below are a few of DocJuris' SSO options. If you previously connected to DocJuris via Azure AD or Okta prior to January 2022, please see our instructions below on how to migrate to our latest SSO services. 

SSO works separately or in tandem with Directory Sync.

Restrictions and Considerations

By design, a user cannot log in with a password when SSO is active. Second, IT admins are complimentary users in the DocJuris app and can follow the steps to configure SSO below. However,  they cannot access other features. 

Configuration Steps for New Connection

Step 1: Invite IT Administrator

To get started, create or assign the IT Administrator role to a User on your Team.




Step 2: Open SSO Settings

The SSO portal can only be managed by IT Administrators.

Click the "Single Sign-On Settings" button to open DocJuris' SSO configuration wizard.


Step 3: Select an Identity Provider

The first step is to pick an Identity Provider. DocJuris supports many including the below:


Once you have selected your Identity Provider, click the prompts to proceed with the SSO setup. After successfully completing the steps and testing your connection, you will arrive to a screen similar to the below.


Step 4 — Confirm Activation in DocJuris

Not done yet! Once your SSO settings are complete, return to the Single Sign-On Portal section of DocJuris' Settings and confirm that SSO does not need to be "Activated." If you see "Deactivate", your environment is ready.

Migrating From DocJuris' Older SSO Services Prior to January 2022

Previously, DocJuris provided Azure AD via Open ID Connect and Okta to establish SSO services. We strongly recommend migrating to our latest SSO services using the below steps.

Step 1: Follow Steps for Configuring New Connection Above

To avoid disruption, DocJuris allows you to configure a new connect to our latest SSO services prior to disconnecting your current, legacy SSO service at DocJuris.

The main difference is that you will find two rows in your SSO settings. To start DocJuris' newer SSO services, open settings for DocJuris' "Single Sign-On Portal."

image__12_.png Step 2: Activate the New Service

Activating the new Single Sign-On Portal service will deactivate the legacy connection. At any time, you can switch back or reach out to us for any questions.


How are users provisioned?

Once SSO is enabled, any user that logs in at will be just-in-time provisioned. For more automation, enable Directory Sync. Directory Sync connects DocJuris to your user directories, keeping DocJuris informed of any changes in your users, groups, and access rules.

What roles are users provisioned into?

Any user that logs in at will be just-in-time provisioned as a Business User. Their access to playbooks and contracts inside DocJuris will need to be manually adjusted by an administrator in DocJuris. Our user roles are Business User, Legal User, DocJuris Administrator, and IT Administrator. For a description of roles, please click here.

How can I test and activate a connection?

DocJuris SSO setup allows you to activate or inactivate a SSO configuration. In addition, DocJuris’ SSO workflow has built in testing protocols that are available in the user interface.