Collect information to use in contracts and agreements.

Create contracts swiftly through templates, AI, or create and edit your own.

Route contracts seamlessly for editing, review, and approval.

Easily work with internal and external participants to edit and redline contracts in real-time

Capture secure, compliant, and legally binding signatures on any device.

Connect to the systems you use daily, or build into your application with our APIs.

Configure Single Sign-On (SSO)

View our Pricing & Plans for a detailed list and comparison of features available in each plan.

Docubee supports Single Sign-On (SSO) configuration. SSO is an effective way to reduce threats from hackers because users can only log in using one set of credentials per day. Reducing logins to one set of credentials improves enterprise security.

Note: Service-Provider-initiated SSO is the only SSO implementation supported by Docubee.  Identity-Provider-initiated SSO is not offered at this time.

Let’s dive into how you can set this up for your organization in Docubee.

In this article:

Before you Begin

SSO setup and configuration is a complex subject. It requires knowledge of SSO fundamentals  and in-depth knowledge of your Identity Provider (IDP), such as Microsoft Azure AD or Okta, for this implementation. This a technical article meant for individuals in a technical IT role.

What is Single Sign-On?

Single Sign-On (SSO) is a technology that allows users to authenticate themselves once, and gain access to multiple applications and systems without having to log in to each individual application. In other words, SSO enables users to use a single set of credentials (such as a username and password) to access multiple applications and systems. 

The advantages of SSO for an organization are numerous. First, SSO improves productivity and user experience by eliminating the need for users to maintain multiple login credentials. Second, SSO enhances security by reducing the risk of weak passwords and password reuse, which are common security vulnerabilities. Additionally, SSO also allows for centralized control of user access, making it easier to manage user permissions and revoke access when necessary.

Docubee Supported SSO Features

Docubee SSO supports the following features:

  • Use of Microsoft Azure AD or Okta as the Identity Provider
    • An SSO Identity Provider (IdP) is a system that provides authentication and authorization services for users accessing multiple applications and systems within an organization.
  • Service-Provider-initiated SSO
    • An SSO Service Provider (SP) is a system that provides access to applications and services for users who have been authenticated by an SSO IdP.
    • Docubee acts as an SSO SP.
    • SP-initiated SSO is a type of SSO where the user initiates the authentication process by accessing a service or application provided by the SP.
    • Service-Provider-initiated SSO is the only SSO implementation supported by Docubee.
      • Identity-Provider-initiated SSO is not offered at this time.
  • Just-In-Time User Provisioning
    • Just-In-Time (JIT) User Provisioning is a process that automatically creates user accounts and provisions (provides) access to applications and systems when a user attempts to log in for the first time.

SSO Configuration in Docubee

Configuration basics provides a high level outline of the configuration process and the SSO set up steps will walk you through it.

Configuration Basics

  • SSO is configured for a Docubee organization.
    • You must contact us to begin the SSO configuration process for your organization.
  • You must configure one or more email domains for your SSO-enabled organization.
    • During login, the email domain portion of a user’s email address is used to determine if the user is a member of an SSO-enabled organization.
      Important: A specific email domain can be associated with only one SSO-enabled organization.
  • Configuration involves setting up both the IdP app (Microsoft Azure AD or Okta) and Docubee.

SSO Set Up Steps

Set up SSO using the following steps:

  1. Provide Initial Setup Information to Docubee
  2. Connect Docubee with your IdP
  3. Test Configuration
  4. Enable Configuration

Step 1: Provide Initial Setup Information to Docubee

To begin the setup process, please contact us.

You will need to provide us the following information:

  • the name of the Docubee organization for which you would like to set up SSO.
  • one or more email domains to be registered with your organization.
    • for example: mycompany.com

We will perform the initial setup of the SSO configuration for your organization and will inform you when you can proceed with the following steps.

Step 2: Connect Docubee with your IdP

This includes configuring the IdP and configuring your Docubee organization. See the following for more information:

Step 3: Test Configuration

Have you completed all of the above configuration steps? Now test your configuration:

  1. Navigate back to your Docubee Settings and click TEST SSO CONFIGURATION.
  2. This will exercise the steps used during login to ensure that both sides are configured correctly.
    • Any errors found will be reported in the popup window. Note the errors and follow the instructions provided to resolve any issues.  

Step 4: Enable Configuration

After successfully testing your settings and adding all of your users to the Docubee Enterprise Application, you are ready to enable SSO.

  1. Enable one or more of your configured email domains by toggling the associated switch and clicking UPDATE SSO CONFIGURATION.

Important: Proceed with caution.

  • Once a domain is enabled, users will only be able to access the organization by using SSO. 
  • Only users with an email address containing one of the enabled domains will be able to access the organization.

User Provisioning

There are two ways new users can be added to your SSO organization:

  • Just-In-Time (JIT) Provisioning
  • Organization Invitation

Remember that before users can access a Docubee SSO organization, they must have accounts in your IdP, and they must be added to the Docubee Enterprise Application in your IdP.

JIT Provisioning

The easiest way to add new users to an SSO organization is with JIT provisioning.

Using JIT provisioning, when a new user attempts to login with an email address containing one of your organization’s configured email domains:

  • the user will be authenticated,
  • a Docubee user account will be automatically created (if it does not already exist), and
  • the user will be added to the SSO organization. 

No further action is required to set up the user account. If Azure AD or Okta has been configured with the user’s first and last name, this information will be used to populate the user’s account profile.

To initiate JIT provisioning, have your users access https://docubee.app/login and enter their email address.

Organization Invitation

If you want to explicitly invite users to join your SSO organization, you can send them an invitation. See Add, Update, and Remove Organization Members for more information.

When a user accepts the invitation, the user will be authenticated and then added to the organization.

Related Information

Configure Azure AD with Docubee
Configure Okta with Docubee
Additional Resources

Need more help getting set up? Contact us for assistance from our customer support team.