LogoLogo
🇬🇧 English
🇬🇧 English
  • User Guide
  • Signing
    • Sign from the email invitation link
    • Sign as a signed-in user
    • Decline to sign
    • Sign several signing requests with a single authentication
  • Managing signing requests
    • Creating signature requests using templates
    • Create signature request
    • Contractor's liability information check
    • Add a signature mark at the bottom of each document page
    • Define signing order
    • Alternative signature levels
    • Ultralight signature level
    • Edit signature request
    • What to do when the email invitation is not received?
    • Set signature request on hold
    • Cancel signature request
    • Reopen signature request
    • Set signature request complete
    • Verify the authenticity of signatures
  • Utilise prewritten texts
  • Voting
    • Introduction to electronic voting
    • Create a poll
    • Vote as a logged in user
    • Vote from the email invitation link
    • Send a voting link to voter
    • Import voter information from a file
    • Cancel poll
  • Managing tasks
    • Task management
  • Data retention and deletion
    • Data retention and deletion
  • Delete content on the organisation account
  • Inserting and searching meta data
    • Use of tags
    • Enter or edit metadata
    • Search using metadata
    • Display metadata columns in the files view
  • Managing meta data
    • Metadata overview
    • Metadata administration
    • Add metadata fields
    • Add metadata templates
    • Add date-type metadata
    • Add person-type metadata
    • Add number-type metadata
    • Add a language version to the metadata
  • Managing documents
    • Share a file
    • View and process files
    • Read files in the files preview
    • Search files
    • Mark a file as archived
    • Rename a file
    • Change the order of files
  • Managing groups
    • Create a group
    • Remove members from a group
    • Leave a group
    • Close a group
    • Mute a group
    • Edit the Groups list in the side bar
    • Copy group address
  • Share content and permissions organisation-wide
  • Signing up for SignSpace
    • Try SignSpace for free
    • Create personal account
    • Register your organisation
    • Register with organisation invitation
    • Join existing organisation account
  • Managing your organisation account
    • Manage organisation information
    • Authorise access to organisation account information
    • Add members to your organisation
    • Edit your organisation's logo
    • How to enable Single Sign-On (SSO)
    • How to set up an Entra ID Enterprise App for SignSpace SSO
  • Setting up SharePoint integration
  • Personal settings
    • Out-of-office message
    • Edit your personal settings
    • Verify your identity
    • Customise email notifications
  • Forms
    • Forms functionality
  • Use forms to enable electronic signing of test drive permits
  • INTEGRATIONS
    • SignSpace Easy integration
Powered by GitBook
On this page
  • What is Single Sign-On?
  • Why use SSO?
  • Cost of SSO
  • Enablement of SSO
  • Basic SSO Setup
  • User management from Entra ID
  • Preconditions
  • Steps for enabling SSO
  • Functionality
Export as PDF
  1. Managing your organisation account

How to enable Single Sign-On (SSO)

PreviousEdit your organisation's logoNextHow to set up an Entra ID Enterprise App for SignSpace SSO

Last updated 3 months ago

What is Single Sign-On?

Single Sign-On (SSO) means that users can login to the SignSpace application using their organisation-provided account, such as a Microsoft login account, without needing a separate login.

Why use SSO?

  • Users do not need to remember and store separate passwords for SignSpace, which enhances your organisation's protection against password-based cyberattacks.

  • Overall security improves further if multi-factor authentication is used with your login accounts.

  • Your organisation can implement a comprehensive identity services integration, enabling centralised access rights management via Entra ID.

Cost of SSO

The cost of Single Sign-On depends on the number of users and the extent of the configuration required.

For more information, and we will help you find a solution that suits you.

Enablement of SSO

Basic SSO Setup

This basic SSO configuration allows logging into the SignSpace service using Entra ID credentials. The integration does not support adding users via your organisation’s identity service. This means new users must be added manually to SignSpace before they can log in using SSO. This requires defining accounts and information both in Entra ID and in the customer-specific configuration of SignSpace.

User management from Entra ID

SignSpace includes features that enable centralised user management directly from your organisation’s Entra ID. To activate these features, user information must be transmitted from your organisation’s identity service to SignSpace via an SSO token, in a predefined format.

One or more of the following custom features can be enabled:

  • Adding new users directly from your organisation’s identity service

  • Assigning SignSpace roles, permissions, organisations, and groups to new users directly from your organisation’s identity service

  • Managing SignSpace roles, permissions, and organisations from your organisation’s identity service

Additionally, if desired, removal of users from the SignSpace service can be implemented by using either the SignSpace API or utilise custom notifications available in the Microsoft tools.

Preconditions

Your organisation must use the Entra ID identity service (IdP), which complies with the standard SSO (Single Sign-On) protocol.

Depending on the features of the integration being implemented, the setup may require changes to your organisation’s identity management to ensure that the necessary information can be transmitted from your system to the SignSpace service.

Steps for enabling SSO

This chapter outlines the steps for enabling SSO in the SignSpace service.

  1. The SignSpace contact person provides the customer with the parameters needed to create the SAML.xml file: Entity ID and Reply URL.

  3. The customer sends the Federation metadata XML file SAML.xml (or a URL where the latest file can be downloaded) to the SignSpace contact person, who updates the information in the customer account configuration.

  4. The SignSpace contact person finalises the account configuration and enables single sign-on for the desired domain(s).

  5. Once single sign-on is enabled, the customer may activate SSO for specific users in the SignSpace interface. This applies to users with email addresses linked to the domains included in the configuration. Activation is done in the user management section by selecting SSO enabled checkbox.

  1. SSO is enabled as default for a new user added via Entra ID. The user is not added to SignSpace account users, until the user signs in the 1st time with SSO.

Communication to each new user needs to be organised by the customer, since SignSpace is not aware of the new user added to customer’s IdP. Here is an example message, you can modify for your need:

You have been granted access to SignSpace, which is the electronic signing service used by our company. Log in to the service from this link: https://app.signspace.com/srv/login/sso , using your Microsoft account credentials.

Functionality

This chapter describes the main functionalities.

A new user is added via Entra ID

A new users is added via Entra ID to SignSpace organisation users. Once the user signs in the 1st time with SSO, in the sign in process, user is asked to authenticate via Entra ID, verify his personal data used in the authentication and accept Terms of Service and Privacy policy.

The user is registered as a new user in Entra ID.

The new user logs into the service for the first time via the link: https://app.signspace.com/srv/login/sso

The user has not yet logged into Entra ID and is redirected to sign in.

After logging in, the user accepts the service terms and privacy policy.

The user is redirected to the service. The user is assigned a role and permissions within the organisation based on the information provided via the SSO token.

An existing user under SSO attempts to sign in with a username and password

Users with SSO enabled cannot sign in using a username and password. This workflow demonstrates the process that occurs when a user attempts to sign in with a username and password.

The user attempts to sign in using an email address.

The user is redirected to a page informing them that their organisation has taken single sign-on in use.

The user is redirected to the single sign-on page.

If the user is already signed into Entra ID, they are redirected directly to the SignSpace service.

A user attempts to sign in on the single sign-on page using an email address not linked to SSO

The user is informed that the email address is not under SSO and is advised to check the email address or log in using their username and password.

Change permissions at Entra ID side

Permissions changed in at Entra ID side apply to the next login of the respective user.

User removal from Entra ID side

User removed from Entra ID cannot login anymore, but user is not removed from SignSpace.

At its simplest, the enables users added in the SignSpace user management system to log in to the SignSpace service using SSO.

If your organisation requires centralised access management via Entra ID, the integration can be expanded to enable complete control over .

The customer configures Entra ID, see

How to set up Entra ID Enterprise App for SignSpace SSO
basic SSO setup
user management from Entra ID
contact a SignSpace expert