Before you start: This documentation is intended for corporate clients of JurisEvolution and is designed for the person responsible for the SSO implementation.
1 Introduction
The purpose of this section is to inform you of the elements required to implement SSO authentication for the JurisÉvolution web platform.
SSO authentication allows you to link your authentication environment to the JurisÉvolution environment. It is also possible to restrict the connection to a database via an SSO connection. This way, it will be possible for you to control the authentication to JurisÉvolution with your security rules.
2 Supported protocols
SAML v2.0 and OpenID
2.1 Relevant information
We use the Auth0 SSO service provider to integrate SSO connections to our environment. A “Service Provider” mode connection is used.
This means that we will provide you with the connection URL that will redirect users to your authentication service. We'll also provide you with a DNS link representative of your company (e.g. “company”.jurisevolution.ca).
3 Test and production environment
We strongly recommend that customers who wish to move to SSO authentication perform a pre-prod of the authentication to a test database to ensure that the full process is established before going live. It is possible to keep this configuration or to create a new one for the production launch.
In the case where the same environment is used (pre-prod and production), we must keep the same "PartnerID" because this is what identifies a client on our side and the information is found in the connection URL. For example: if you have only 1 Azure AD tenant, pre-prod and production will use the same "PartnerID" and therefore the same connection URL.
N.B. The PartnerID and the connection URL will be provided during the first pre-prod.
4 Database restriction
With JurisEvolution, it is possible to restrict access to a database to a "PartnerID". It will therefore be mandatory to use the SSO connection in order for the database to be displayed when connecting to JurisÉvolution. This additional security measure allows you to effectively control authentication to JurisEvolution from your network, workstations, etc.
N.B. Please note that when this restriction is activated, the JurisEvolution application support team can no longer connect directly to your database and must use a remote connection software on one of your workstations.