Single Sign-On (SSO) for companies


A brief overview


Single Sign-On is an authentication method that allows users to sign in using one set of credentials to multiple independent software systems. Using SSO means a user doesn't have to sign in to every application they use. With SSO, users can access all needed applications without being required to authenticate using different credentials.

In Dokobit Portal, we offer a possibility to configure SSO authentication method for Enterprise accounts. Currently our system supports SSO with one provider – Microsoft Entra ID (formerly known as Microsoft Azure Active Directory or Azure AD).

Note: this is only available for "Enterprise" plan users.


How to enable SSO for your company account

Note: SSO can be enabled by a company account owner or administrator.

Note: it is highly recommended not to enable the SSO before your company users are informed about this change.

1.0. Create an App registration in MS Entra admin center.

1.1. Then create a Client secret in the respective app registration.

1.2. Log in to Dokobit portal and go to settings by either clicking on the gear icon (located at the top, right side of the screen) or by clicking on your name to reveal the drop-down menu and then selecting "Settings".


1.3. Click on the tab "SCIM tokens".

1.4. Navigate to the section "Single Sign-On (SSO)" and click "Configure SSO".


1.5. Please fill all necessary fields (Tenant ID, Client ID, Client secret) from the respective MS Entra ID app registration and then click "Continue".

Note: please make sure the data is entered correctly – our system does not verify the validity of the entered data. If the data is entered incorrectly, then the company users will fail to log in.

Note: if you have enabled SSO with wrong information or by mistake, you can either edit the configuration or disable the SSO. Be aware that as an administrator, you are still able to login to the company account with regular eID methods.


1.6. The system will give you a redirect URI. Please click "Copy" next to the redirect URI and enter it in the respective MS Entra ID app registration.

1.7. Please confirm that you wish to enable SSO by clicking "Enable SSO".

Note: once SSO is enabled, the login method will change immediately. All company users will receive automatic emails from Dokobit informing about the login changes on their accounts.

If a user has multiple Dokobit accounts, switching between SSO and non-SSO accounts is not possible. Please note that login methods for personal Dokobit accounts remain unchanged.

Note: after enabling the SSO for your company account, company users will no longer be able to log in to that company account with biometric methods (like fingerprint or facial recognition) or eID tools.

Users that have company administrator roles are still able to log in to the company account with the regular eID methods.


How to disable SSO for your company account


2.0. Go to "Settings".


2.1. Click on the tab "SCIM tokens".

2.2. There are 2 options to disable SSO for your company users:


  • You can disable the SSO configuration in the same page by switching the toggle off. Once disabled, all users will receive automatic emails from Dokobit informing about the login changes on their accounts.

Note: in this case all SSO configuration data will be saved.

  • You can delete the configuration by clicking on "Actions" > "Delete configuration". Once deleted, the SSO will be disabled immediately and all users will receive automatic emails from Dokobit informing about the login changes on their accounts.

Note: in this case all data related to the SSO configuration will be deleted permanently.


How to edit the SSO configuration


3.0. Go to "Settings".


3.1. Click on the tab "SCIM tokens".

3.2. Navigate to the section "Single Sign-On (SSO)" and click "Actions".


3.3. Click "Edit configuration" from the drop-down menu.


3.4. Make the necessary changes and click "Save".

Note: Tenant ID and Client ID will be pre-filled with existing data and can easily be adjusted or edited. Client secret will be empty because of the sensitivity of that data. If Client secret needs to be adjusted, then it should be replaced with a completely new Client secret code. If it does not need to be adjusted, then leave the field empty.


Registration, login and signing with SSO


Registration:

If your company already has SSO enabled, your existing users will continue using their accounts without any additional registration process.

If your company already has SSO enabled and you add new users, the users will have to log in via SSO and will be then requested to go through the registration process, where we will verify their identity with eID methods, or request to authenticate one-time-passwords via email and SMS. We require all users of our platform to firstly go through this process to make sure we properly identify users’ country and signing methods.


Login:

Once the SSO setup is enabled within your organisation, all user accounts will transition from the standard eID/email OTP authentication methods to the Microsoft SSO login method. This means that users will no longer be able to log in using their previous authentication methods. Therefore, it is very important for the company administrator to inform the users about the changes and the impact on their accounts and login methods.


Signing:

Enabling SSO for your company will not have any impact on the signing process. The company users will continue to sign with the same signing methods that have been identified during the user onboarding process.


User management


The same users must be added to MS Entra ID for the Dokobit Portal. There is currently no automatic synchronization between the Portal and MS Entra ID. Therefore, you will need to manually ensure that users are added to both platforms.

Note: if a user is not added to either the Portal or the MS Entra ID, or if there is a mismatch in the user's email address, the user will be unable to log in.


In the Dokobit Portal you can edit users by going to "Settings" > "User management".

Note: you can find further instructions on managing your company users here: How to manage my company users?

Note: you can still configure SCIM user provisioning in MS Entra ID to manage user enablement and suspension.

Still need help? Contact us Contact us