SSO setup

SSO stands for Single Sign-On and is a time-saving login method that allows users to log in to multiple services using one single ID and password.

Scrive currently supports SSO through SAML 2.0. Other SSO protocols, such as OIDC or OAuth, are not supported on the platform today. With the help of SAML 2.0, users can utilise SSO through a global schema. We offer both IdP-initiated and SP-initiated SSO.

SSO login is available for the following Scrive products:

  • eSign Online

  • Browser extensions for eSign GO

  • Virtual printer for eSign GO

  • User-based standard integrations and plugins

The SSO setup will work for all systems supporting SAML 2.0.

Existing Users
Your pre-existing users need to be converted to SSO users. This action can currently only be done by Scrive staff. Please reach out to our support team to get help with converting users to SSO once you've configured SSO for your organisation.


User Provisioning
Scrive supports JIT (Just In Time) provisioning. JIT provisioning creates a user at the time of login if a user with the email sent in the assertion does not already exist within the Scrive system. User emails are unique.

Note that JIT provisioning is only applicable for IdP-initiated SSO and SP-initiated SSO when users enter the configured domain. To learn more about the configured domain for your organisation, contact your internal IT.


Frequently Asked Questions (FAQ)

What happens to my existing users when we enable SSO?

Nothing changes for your existing users—they will continue to log in as usual. If you want all or some of these users to switch to SSO, you must contact Scrive. Please note, however, that all newly created users will automatically be configured to log in with SSO once it's set up.

Can new users be automatically assigned to a specific user group?

Yes, this is possible. You can use the scrive.usergroupid property in the SAML assertion to assign new users to a specific user group.
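A check an IdP administrator could run on a decoded test assertion before relying on JIT provisioning and group assignment (an added example, not Scrive's code). The attribute name scrive.usergroupid comes from the answer above; carrying the email in Subject/NameID, the sample values and the function name check_assertion are assumptions, and the script does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUP_ATTR = "scrive.usergroupid"  # attribute name taken from the FAQ answer

# Constructed sample: issuer, email and group ID are made-up values.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID>new.user@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="scrive.usergroupid">
      <saml:AttributeValue>1234567890</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, expected_group=None):
    """Return (email, group_id, problems) for one decoded SAML assertion."""
    # Refuse DTDs so a pasted document cannot trigger entity expansion.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declarations are not allowed")
    root = ET.fromstring(xml_text)
    problems = []
    # Assumption: the user's email is carried in Subject/NameID.
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    email = (name_id.text or "").strip() if name_id is not None else ""
    if "@" not in email:
        problems.append("no email address found in Subject/NameID")
    values = [(v.text or "").strip()
              for a in root.iterfind(".//saml:Attribute", NS)
              if a.get("Name") == GROUP_ATTR
              for v in a.iterfind("saml:AttributeValue", NS)]
    group_id = values[0] if len(values) == 1 and values[0] else None
    if not values:
        problems.append(f"{GROUP_ATTR} attribute is missing")
    elif group_id is None:
        # Lint rule of this example: exactly one non-empty value.
        problems.append(f"{GROUP_ATTR} must carry exactly one non-empty value")
    elif expected_group is not None and group_id != expected_group:
        problems.append(f"{GROUP_ATTR} is {group_id}, expected {expected_group}")
    return email, group_id, problems


if __name__ == "__main__":
    print(check_assertion(SAMPLE, expected_group="1234567890"))
```

An empty problems list means the assertion carries an email and a single group ID matching the one you expect new users to land in.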

I only want some users to access Scrive via SSO. How can I control this?

To restrict access, configure your directory service to only allow members of specific groups to authenticate. This is typically done by applying a group policy in your directory system. Alternatively, you can restrict access to the login page itself using other methods supported by your directory service.

Can we enforce 2FA for users logging in via SSO?

Yes, but 2FA enforcement must be handled in your directory system, not in Scrive. This is one of the advantages of SSO—it allows you to enforce your own 2FA policies and password requirements independently of Scrive’s platform.

A new user is in the wrong Scrive user group. How do I move them?

To move a user to the correct group, an admin of the desired target user group can follow these steps:

  1. Go to Account → Users.

  2. Click Invite.

  3. Enter the user’s email address in the invitation dialog.

This action will move the user to the target group in Scrive.

How can I create users who log in with regular Scrive credentials, even with SSO enabled?

Ask Scrive to convert the user to regular login. After the conversion, the user will need to reset their password to set up a login credential.

Directory System
Choose a directory system below for further SSO setup instructions. Note that this information is rather technical, so do not hesitate to ask for further assistance if needed.