Microsoft Azure AD Single Sign On (SSO)

Purpose:  Provide Single Sign On to login to LegalServer using Microsoft Azure AD identity management.  Users logged into the Microsoft cloud environment need only click a hyperlink to log into LegalServer.

Cost: $1,800.00 one-time setup fee. $50/month added to standard maintenance fee.

Requirements:  Microsoft Azure AD (the cloud product)

To get this module enabled, file a ticket from your site requesting it and we will send a change order to start the process.

Return to Main SSO Page

Users Can't Login with SSO

Please check that your Client ID and Client Secret are correct. An expired client secret or other authentication failure will result in users seeing a message like "Error validating code. Possible timeout. Try again" on the login page after clicking the SSO link.

Unique Email Addresses Required

The same email address used in more than one user account in LegalServer will prevent SSO from authenticating for any user with the repeated email address.

Be sure whatever email you will test with (yours, presumably) is ONLY used for one account. Some people put their email address in as the email address on an API account, which would not work. Each user needs a unique email.

The Admin page in LegalServer contains an SSO Ready Check button that can help identify duplicate email addresses. It will also list user accounts that do not have an email address.

Microsoft Azure Configuration

Single Sign On settings affect the security of your agency's data, and if your admin staff has any questions at all about properly configuring Microsoft Azure AD securely, we encourage you to get the help of a consultant.  Our staff can provide you with contact information for consultants who have worked on Microsoft integrations with LegalServer.


If you feel comfortable configuring SSO on Azure AD, you may find this Microsoft help article helpful: 

https://docs.microsoft.com/en-us/azure/active-directory/azuread-dev/v1-protocols-openid-connect-code.

For step by step instructions (as of October 2021) you can also view our help article on Agency-Side Administrator Setup for Azure AD SSO.

You'll need to know for Azure setup that your LegalServer SSO redirect URL is: ​​https://aws-auth.legalserver.org/sso. Find this setting Azure Active Directory > App Registrations >​ your enterprise app> Authentication > Redirect URIs (this is the same thing as Reply URI).

LegalServer Configuration

Once Single Sign On is enabled for your site, configure Azure AD on the Admin > Single Sign On page: 

You will need from Microsoft Azure AD:

  • Client ID and
  • Client Secret

The Authentication URL parameter may or may not be required depending on your setup in Azure. if you need it, it will be your Microsoft Tenant Identifier. Azure AD details change, and are beyond the scope of this help document.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us