SSO

1. Introduction

Unifize supports Single Sign-On (SSO) integration using the SAML 2.0 protocol. This allows users to authenticate with existing identity providers (IdPs) such as Microsoft Entra ID (formerly Azure AD), Google Workspace, or other SAML-compatible systems.

It has full SSO support on desktop and mobile browser. Approvals are done via OTP-based digital signature. The authentication method is admin-configured per org. Users do not get to choose between SSO or password-based login.


2. User Experience

A. Desktop Login Flow

  1. User navigates to their Unifize portal

  2. Enters their email address

  3. If the domain has SSO configured:

    1. User is redirected to the corresponding IdP login

    2. Completes password entry and 2FA if required

    3. Redirects to Unifize as logged in user

Note: The login screen may still display the "Sign Up Now!" prompt. However, SSO-configured domains will bypass this once the email is validated.


B. Mobile App Login Flow

  1. User opens the Unifize mobile app

  2. Enters their email address

  3. If SSO is configured for the domain:

    1. User is redirected to the corresponding IdP login

    2. Completes password entry and 2FA if required

    3. Redirects to Unifize mobile app as logged in user


3. Approvals via OTP for SSO Users

SSO users can do 2FA for authorising their digital signature using email-based OTP flow:

  • Upon initiating a digital signature, the user receives a 6-digit OTP at their registered email

  • The OTP is valid for 2 minutes

  • Once entered, the “Confirm and Sign” button becomes active


4. SSO Configuration & Setup

Note: Only org admin can set up SSO configuration. Please reach out to your admin for the following steps:

  1. Configure Azure Entra Id following the Microsoft documentation.

    In Azure, configure the following using values from Unifize (Org Settings → SSO):

    1. Entity ID : Service Provider Entity ID from Unifize

    2. Reply URL : Authorization Callback URL from Unifize

    3. Sign-on URL : Org SSO URL from Unifize

  2. Configure Unifize SSO Settings Go to Org Settings → SSO in Unifize

    1. Choose Domain from the drop down. In case the domain is not listed, please reach out to your Unifize account manager.

    2. Fill the following values from Azure to unifize

      1. Entity ID : Microsoft Entra Identifier on Azure

      2. SSO URL : Login URL on Azure

      3. Certificate :

        • Download the "Base64 certificate" from Azure.

        • Copy paste the content of the file in the text area on Unifize.

2. Save the configuration

3: Assign Users in IdP

  1. Go to Users and Groups in the created Enterprise Application

  2. Add relevant users to grant them access to Unifize

  3. Ensure the users' email domains match the configured domain


5. Permissions & Roles

  • Only Org Admins can access and configure SSO settings

  • Users are automatically routed to SSO based on their email domain

  • For SSO access, users must:

    • Be added to the Unifize app group in the IdP

    • Have an email address matching the configured domain


🖋️Edit this page

Last updated