Skip to main content
All Collections
SSO (Single-Sign-On) in caralegal
SSO (Single-Sign-On) in caralegal

SSO, Single-Sign-On, Login

Updated over 3 weeks ago

Single sign-on (SSO) is included in the Enterprise package. Other packages can of course request this add-on. It is associated with costs.

What is SSO?

Single sign-on (SSO) is a way of logging in to multiple websites or applications with just one account and password. Instead of remembering different passwords for each website, you only need one. Once you've logged in to one place, you can automatically access other connected websites without having to log in again. It's like having one key that unlocks multiple doors.

What are the SSO requirements for caralegal

Only one

  • You/your IT department the OpenID standard in your user management system. OpenID is an open standard for user authentication that is available for a variety of websites, applications, etc.

What SSO options are available?

Standard SSO

When entering an e-mail address with a whitelist domain, the user is shown an additional ‘Login with XX’ button.

If the user clicks on this, they are redirected to the login page for their respective User Management System

If the login was successful, the user can enter caralegal.

  1. However, a user account with the corresponding e-mail must exist beforehand

  2. Otherwise the user will only see a ‘There is no matching account, please contact the administrator’ notification

  3. Deleting the account in the user management system does not trigger the deletion of the user in caralegal

  4. SSO is always domain-specific

    1. e.g. caralegal.eu can be on the whitelist

    2. caralegal.com is not authorised

  5. We can easily add other domains

SSO-Only

With standard SSO, users still have the option of logging in via email and password. As this can pose a security risk, SSO is usually recommended.

  1. If e-mail is inserted and added to the whitelist, the password field disappears

  2. BUT: Other users without a whitelisted domain and an account created by the admin can still access via email + password

SSO with IAM (Identity-And-Access Management) "Light"

With these option, users can be set up automatically with:

  • A standard organisational unit and

  • A standard role

Best Practice

  1. Insert a “Fake” Unit like:

    1. caralegal > Welcome Area

  2. In that way, new users

    1. Can log in

    2. No manual account creation is necessary

    3. Users can take your first ‘steps’ in caralegal without accessing the actual documentation

    4. But they cannot "destroy" anything real, since the unit is usually kept empty

  1. Admins are less involved, no manual account creation

  2. Still, Org-Unit has to be set

  3. If role should be different the default one, this has to be changed

SSO with IAM (Identity-And-Access Management)

So, how do admins not have to deal with user management and how can we possibly connect caralegal units with those of the user management system? Normally, companies also store departmental/team information there. We need real IAM identity and access management.

  • With IAM, we can match the ‘Group ID’ with the caralegal organisational units in the software and automatically add users to them.

  • Your user management system is the leading system. It will overwrite settings in the users, making manual changes in caralegal virtually impossible.

Related Articles
What is the purpose of the Resources section?
Identity-and-Access Management (IAM) in caralegal
Did this answer your question?