Skip to main content
Ediscovery Support Center Case Builder Support Center Hold Support Center
Back to csdisco.com

Using single sign-on (SSO)

  • Updated

Your organization can use an external identity provider (IdP) to log in to DISCO, instead of creating a separate DISCO username and password. All major IdPs are supported, including Active Directory Federation Services, Okta, Microsoft Azure AD, and others. SSO is configured and enforced for a specific email domain or domains, such as @customer-name.com. SSO can be configured for login.csdisco.com, login.csdisco.eu, and login.csdisco.ca. All DISCO environments support SSO login, and each can be configured as separate apps in your SSO provider.

My organization uses single sign-on. How do I log in?

When you are added to a DISCO database, you will receive an activation email with a link to log in to DISCO, instead of a link to create a password.  If you are already logged into your IdP, the link should take you straight into DISCO. If not logged in, you should be redirected to your IdP login after clicking the link. The exact behavior will differ depending on your specific Identity Provider.

If your IdP credentials do not work, contact your organization's technical support team except during initial setup as this indicates more testing is needed.

My organization wants to enable single sign-on. How do we do that?

Contact us to enable SSO for your organization. 

We will need the following information to enable SSO for your organization:

  • Primary contact person/team
  • DISCO Product(s)
    • Ediscovery (with or without Case Builder)
    • HOLD (with or without Request)
    • Note: Customers with both Ediscovery & HOLD must align on using SSO for all or no DISCO products.
  • The user's email domain(s) for SSO enforcement
  • Connection type: SAML or OIDC (OpenID Connect)
    • For SAML: The external identity provider (IdP) configuration values, including:
      • The single sign-on URL
      • The signing certificate (base64)
    • For OIDC:
      • Client ID and Issuer value
      • Use the implicit (hybrid) Grant type
      • SPA (Single-page application) app

SSO integration process

Data parameters

Provided by the customer to DISCO:

  • SSO email domain(s): e.g., @customer-name.com
  • for SAML connections
    • IdP metadata file
    • SSO URL
    • X509 Certificate (certificate to validate signed assertions)
    • Primary user identity attribute, commonly:
      • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
      • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
      • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/email
    • Protocol Binding
      • HTTP POST or HTTP REDIRECT
  • for OIDC connections
    • Client ID
    • Issuer value 

Provided by DISCO to the customer:

  • DISCO metadata file
    • Assertion Consumer Service URL
    • Entity ID
    • X509 Certificate (certificate to validate signed assertions)
Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles

Articles in this section

See more