View Products Overview

Collect information to use in contracts and agreements.

Create contracts swiftly through templates, AI, or create and edit your own.

Route contracts seamlessly for editing, review, and approval.

Easily work with internal and external participants to edit and redline contracts in real-time

Capture secure, compliant, and legally binding signatures on any device.

Connect to the systems you use daily, or build into your application with our APIs.

How to Configure and Use Single Sign-On

Docubee now supports Single Sign-On (SSO) configuration. SSO is an effective way to reduce threats from hackers by making it so that users can only log in using one set of credentials per day. Reducing logins to one set of credentials improves enterprise security.

Let’s dive into how you can set this up for your organization in Docubee.

Before You Begin

The setup and configuration of SSO is a complex subject. It requires knowledge of the fundamentals of SSO and, for this implementation, in depth knowledge of Microsoft Azure AD. Thus, this guide is highly technical in nature and is meant for use by individuals in a technical IT role.

What is Single Sign-On?

Single Sign-On (SSO) is a technology that allows users to authenticate themselves once and gain access to multiple applications and systems without having to log in to each individual application. In other words, SSO enables users to use a single set of credentials (such as username and password) to access multiple applications and systems. 

The advantages of SSO for an organization are numerous. First, SSO improves productivity and user experience by eliminating the need for users to maintain multiple login credentials. Second, SSO enhances security by reducing the risk of weak passwords and password reuse, which are common security vulnerabilities. SSO also allows for centralized control of user access, making it easier to manage user permissions and revoke access when necessary.

Docubee Supported SSO Features

Docubee SSO supports the following features:

  • Use of Microsoft Azure AD as the Identity Provider
    • an SSO Identity Provider (IdP) is a system that provides authentication and authorization services for users accessing multiple applications and systems within an organization
  • Service Provider initiated SSO
    • an SSO Service Provider (SP) is a system that provides access to applications and services for users who have been authenticated by an SSO IdP.
    • Docubee acts as an SSO SP
    • SP initiated SSO is a type of SSO where the user initiates the authentication process by accessing a service or application provided by the SP
  • Just-In-Time User Provisioning
    • Just-In-Time (JIT) User Provisioning is a process that automatically creates user accounts and provisions access to applications and systems when a user attempts to log in for the first time

SSO Configuration in Docubee

Follow these steps to begin configuration. 

Configuration Basics

  • SSO is configured for a Docubee organization
    • as discussed below, you must contact us to begin the SSO configuration process for your organization
  • You must configure one or more email domains for your SSO-enabled organization
    • during login, the email domain portion of a user’s email address is used to determine if the user is a member of an SSO-enabled organization
    • Important: a specific email domain can be associated with only one SSO-enabled organization
  • Configuration involves setting up both Microsoft Azure AD and Docubee

The process for setting up SSO consists of these steps:

  1. Provide Initial Setup Information to Docubee
  2. Configure Microsoft Azure AD
  3. Configure Docubee Organization
  4. Test Configuration
  5. Enable Configuration

Provide Initial Setup Information to Docubee

To begin the setup process, please contact us here.

You will need to provide us the following information:

  • the name of the Docubee organization for which you would like to setup SSO
  • one or more email domains to be registered with your organization
    • for example:

We will perform the initial setup of the SSO configuration for your organization and will let you know when you can proceed with the following steps.

Configure Microsoft Azure AD

To configure Azure AD SSO with Docubee, perform the following steps:

  1. Create an Azure AD Enterprise Application for Docubee
    1. the application must be setup to use the SAML protocol
    2. you can get started by creating your own application from Azure Active Directory
      1. when asked what you’re looking to do with your application, you can choose “Integrate any other application you don’t find in the gallery (Non-gallery)”
  2. For the next steps, you will be copying values from Docubee when setting up Microsoft Azure AD:
    1. In a separate browser window, login to Docubee
      1. Navigate to the Settings page for your SSO-enabled Docubee organization
      2. Select General settings and scroll to the Single Sign-On section
  3. In the Azure portal, on the Docubee (or the name you chose when setting up the Enterprise Application) application integration page, find the Manage section, and then select single sign-on.
  4. On the Select a single sign-on method page, select SAML.
  5. On the Set up single sign-on with SAML page, select the pencil icon for Basic SAML Configuration to edit the settings.
    1. In the Identifier (Entity ID) textbox, copy and paste the value from the Docubee Identifier field, shown in the Docubee Single Sign-On section
    2. In the Reply URL textbox, copy and paste the value from the Docubee Reply URL field
    3. In the Sign on URL textbox, copy and paste the value from the Docubee Sign-On URL field
  6. On the Set up single sign-on with SAML page, select the pencil icon for Attributes & Claims to verify/edit the settings.

This setting is required

Claim Name Type Value SAML user.mail


These settings are optional, but recommended.  They are used to populate user account settings upon initial account creation.

Claim Name Type Value SAML user.givenname SAML user.surname


  1. On the Set up single sign-on with SAML page, select the pencil icon for Certificate and verify these settings:
    1. Signing Option should be set to Sign SAML Assertion
    2. Signing Algorithm should be set to SHA-256
  2. Ensure that all users that will be using Docubee are added to the Docubee Azure AD Enterprise Application and that all users have a configured email address.

Configure Docubee Organization

To configure your Docubee organization for SSO, perform the following steps:

  1.  Login to Docubee
    1. Navigate to the Settings page for your SSO-enabled Docubee organization
    2. Select General settings and scroll to the Single Sign-On section
  2. In the Identity Provider Log-in URL field, copy and paste the value from the Azure AD Login URL field, found under Section 4, Setup.
  3. In the Certificate field, upload the certificate that you will download from the Azure AD Certificate (Base 64) field, found under section 3, SAML Certificates.
  4. Click the “UPDATE SSO CONFIGURATION” button to save your settings.

Test Organization

Once you have completed all of the above configuration steps, you can test your configuration, by clicking on the “TEST SSO CONFIGURATION” button.  This will exercise the steps used during login to ensure that both sides are configured correctly.  Any errors found will be reported in the popup window.  Note the errors and follow the instructions provided to resolve any issues.  

Enable Configuration

Once you have successfully tested your settings, added all of your users to the Docubee Enterprise Application and are ready to enable SSO, enable one or more of your configured email domains by toggling the associated switch and clicking the “UPDATE SSO CONFIGURATION” button.

Important: Proceed with caution. Once a domain is enabled, users will only be able to access the organization by using SSO.  Also, only users with an email address containing one of the enabled domains will be able to access the organization.

User Provisioning

There are two ways new user can be added to your SSO organization:

  • Just-In-Time (JIT) Provisioning
  • Organization Invitation


Remember that before users can access a Docubee SSO organization, they must have accounts in Azure AD and they must be added to the Docubee Enterprise Application in Azure AD.

JIT Provisioning

The easiest way to add new users to an SSO organization is with JIT provisioning.  Using this method, when a new user attempts to login with an email address containing one of your organization’s configured email domains, once the user has authenticated, a Docubee user account will be automatically created and the user will be added to the SSO organization.  No further action is required to set up the user account.  If Azure AD has been configured with the user’s first and last name, this information will be used to populate the user’s account profile.

To initiate JIT provisioning, simply have your users access and enter their email address.

Organization Invitation

If you want to explicitly invite users to join your SSO organization, you can send them an invitation by following the steps described here.

When a user accepts the invitation, the user will be authenticated then added to the organization.

Set Up SSO Configuration Today

Need more help getting set up? Contact us here for assistance from our customer support team.