Single Sign On (SSO)
LegalServer currently offers integration with the following single sign on providers:
Applicable Regardless of Provider
- Setting the Global Enforcement Policy to "Enabled and Required" removes the login fields from the landing page and provides users only with the "Single Sign-On" link:
Setting it to "Enabled" leaves the standard LegalServer Username and Password prompt, allowing a user to bypass the SSO link and login that way (assuming they enter valid credentials).
We currently use OpenID Connect with the three providers.
Mix of SSO and LegalServer Credentials for Users
You can have some users logging in with SSO and others logging in with LegalServer credentials. A common use case is staff versus pro bono users.
A site can use "Enabled", exposing the login fields, but set the password for select users to a random, unknown-to-the-users value, thus forcing those users to use SSO.
Break the Glass Account
A common question is how an administrator would get into a site if their SSO wasn't working and "Enabled and Required" is used, thus not showing login fields. You would not be able to. You would need to contact LegalServer support ( firstname.lastname@example.org) and ask us to set your site to just "Enabled", exposing the login fields. Someone (presumably an Administrator) could then login and with LS credentials, assuming they have valid ones. NB: LegalServer staff can set a site 'back' to Enabled based on a request from an administrator. We will not do that and provide a password reset without further steps to ensure it isn't an attempt to gain unauthorized access to a site.
A site can use "Enabled", exposing the login fields, but set the password for all but select users to a random, unknown-to-the-users value, thus forcing those users to use SSO.
SSO and API Calls
API calls for the Reports API and the Core APIs do not check on the SSO requirements for authentication. Making such an API call with either Basic or Bearer Authentication will work even if SSO is set to "Enabled and Required".