# SSO

**Feature ID**: FU-1051

**Document Version:** 3.0

**Date:** 24-03-2026

### 1. Introduction

Unifize supports Single Sign-On (SSO) integration using the SAML 2.0 protocol. This allows users to authenticate with existing identity providers (IdPs) such as Microsoft Entra ID (formerly Azure AD), Google Workspace, or other SAML-compatible systems.

SSO is fully supported on desktop and mobile browsers. Approvals are done via OTP-based digital signature. The authentication method is **admin-configured** per org; users cannot choose between SSO and password-based login.

***

### 2. User Experience

#### A. Desktop Login Flow

1. User navigates to their Unifize portal
2. Enters their email address
3. If the domain has SSO configured:
   1. User is redirected to the corresponding IdP login
   2. Completes password entry and 2FA if required
   3. Is redirected to Unifize as a logged-in user

**Note:** The login screen may still display the "Sign Up Now!" prompt. However, SSO-configured domains will bypass this once the email is validated.

#### B. Mobile App Login Flow

1. User opens the Unifize mobile app
2. Enters their email address
3. If SSO is configured for the domain:
   1. User is redirected to the corresponding IdP login
   2. Completes password entry and 2FA if required
   3. Is redirected to the Unifize mobile app as a logged-in user

#### C. PWA Login Flow (New)

1. Open [https://pwa.unifize.com](https://pwa.unifize.com/)
2. Enter your email address
3. If your domain is SSO-enabled, you'll be redirected to the same enterprise IdP login as the Web App.
4. After authentication, you are redirected back to the PWA. The PWA supports a full SSO-based login and authorization flow identical to the Web App.

***

### 3. Approvals via OTP for SSO Users

SSO users complete 2FA to authorise their digital signature using an email-based OTP flow:

* Upon initiating a digital signature, the user receives a **6-digit OTP** at their registered email
* The OTP is valid for **2 minutes**
* Once entered, the “Confirm and Sign” button becomes active
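
The OTP rules listed above (6 digits, 2-minute validity, signing enabled only after a correct entry) can be enforced server-side as in the following added example. It is not Unifize's code; the names `PendingOtp`, `issue_otp` and `verify_otp`, the attempt limit and the single-use rule are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6          # from the page: 6-digit OTP
OTP_TTL_SECONDS = 120   # from the page: valid for 2 minutes
MAX_ATTEMPTS = 5        # assumption: the page states no attempt limit


class PendingOtp:
    """Server-side record for one signature request (hypothetical)."""

    def __init__(self, now):
        self.key = secrets.token_bytes(32)   # per-request MAC key
        self.expires_at = now + OTP_TTL_SECONDS
        self.attempts = 0
        self.used = False
        self.digest = b""


def _mac(key, code):
    return hmac.new(key, code.encode(), hashlib.sha256).digest()


def issue_otp(now=None):
    """Return (code_to_email, record). Only a keyed digest is stored."""
    now = time.time() if now is None else now
    record = PendingOtp(now)
    # CSPRNG, zero-padded so a code such as 004217 keeps six digits.
    code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
    record.digest = _mac(record.key, code)
    return code, record


def verify_otp(record, submitted, now=None):
    """Return True only when 'Confirm and Sign' may be enabled."""
    now = time.time() if now is None else now
    if record.used or now > record.expires_at or record.attempts >= MAX_ATTEMPTS:
        return False
    record.attempts += 1   # count every guess, right or wrong
    well_formed = (len(submitted) == OTP_DIGITS
                   and submitted.isascii() and submitted.isdigit())
    # Constant-time comparison, computed even for malformed input.
    matches = hmac.compare_digest(_mac(record.key, submitted), record.digest)
    if well_formed and matches:
        record.used = True  # single use: a replayed code is rejected
        return True
    return False
```
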

***

### 4. SSO Configuration & Setup

**Note:** Only an org admin can set up the SSO configuration. Please reach out to your admin for the following steps:

1. Configure Microsoft Entra ID following the [Microsoft documentation](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/add-application-portal-setup-sso#enable-single-sign-on).

   In Azure, configure the following using values from Unifize (Org Settings → SSO):

   1. Entity ID: Service Provider Entity ID from Unifize
   2. Reply URL(s):
      1. <https://app.unifize.com/__/auth/handler>
      2. Add an additional Reply URL for the PWA: <https://pwa.unifize.com/__/auth/handler>
   3. Sign-on URL: Org SSO URL from Unifize

   <figure><img src="https://3661566390-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FJofjecEbyzuivtchBrHn%2Fuploads%2FfgSB7gx9V4e8uRYyIsXo%2Fimage.png?alt=media&#x26;token=7ec31bd5-f6a0-4833-8b28-9d71dc2d5a1d" alt=""><figcaption></figcaption></figure>
2. Configure Unifize SSO Settings

   Go to Org Settings → SSO in Unifize
   1. Choose the domain from the drop-down. If the domain is not listed, please reach out to your Unifize account manager.
   2. Copy the following values from Azure into Unifize:
      1. Entity ID: Microsoft Entra Identifier on Azure
      2. SSO URL: Login URL on Azure
      3. Certificate:
         * Download the "Base64 certificate" from Azure.
         * Copy and paste the content of the file into the text area on Unifize.

<figure><img src="https://3661566390-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FJofjecEbyzuivtchBrHn%2Fuploads%2FElE6jeEBR9OJp8xWf8O4%2FScreenshot%202025-05-14%20at%204.58.34%E2%80%AFPM.png?alt=media&#x26;token=a01115c4-fb02-419e-af5e-bc633826ab7e" alt=""><figcaption></figcaption></figure>

#### 2. Save the configuration

#### 3. Assign Users in IdP

1. Go to **Users and Groups** in the created Enterprise Application
2. Add relevant users to grant them access to Unifize
3. Ensure the users' email domains match the configured domain

***

### 5. Permissions & Roles

* Only Org Admins can access and configure SSO settings
* Users are automatically routed to SSO based on their email domain
* For SSO access, users must:
  * Be added to the Unifize app group in the IdP
  * Have an email address matching the configured domain

***

