Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Set Up Single Sign-On (SSO) in CLM

            Modified on Thu, 27 Nov at 6:00 PM

            Single Sign-On (SSO) allows your users to log in securely to CLM using their existing corporate credentials. This guide will help you set up SSO in two different ways, depending on your Identity Provider (IdP).


            ✅ Option 1: Native SSO with Microsoft or Google

            If your organization uses Microsoft Azure AD or Google Workspace, CLM supports a native integration. This is the easiest and fastest way to enable SSO.

            Steps:

            • Confirm that your company is using Microsoft Azure AD or Google Workspace as the IdP.
            • Request the native SSO setup from your Technical Project Manager.
            • The integration will be configured for you – no manual configuration required.

            Tip: Always choose this option if your organization is on Microsoft or Google. It ensures the smoothest user experience and faster deployment.

            How to Sign In with Microsoft (Single Sign-On)

            The “Sign in with Microsoft” option provides a quick and secure way to log in using your existing Microsoft account. This method is strongly recommended if your organization plans to use Office 365 features such as Word Online or Word Desktop ⭐.

            What Happens When You Click the Microsoft Button?

            When you select the Microsoft login button on the sign-in page, you will be redirected to Microsoft’s secure authentication window.

            • You will enter your email address and password.
            • You may authenticate with a personal Microsoft account as well — this is normal ❗
            • ⚠️ However, using a personal account does not grant access to the application. Final access depends on your company’s IT approval.

            Once authentication completes, Microsoft sends a confirmation to DiliTrust to validate your identity.

            Why IT Admin Approval Is Required

            To enable Microsoft authentication for your organization, your IT administrator must authorize DiliTrust as a trusted application. This is a standard Microsoft security requirement designed to protect company data ⚖️.

            The process is based on the Microsoft Entra ID admin consent workflow. For reference, you can check these official Microsoft articles:

            Your IT will need to review and approve the consent request before Microsoft login becomes fully available to your team ⭕

            Why We Strongly Recommend Using Microsoft Login

            Using Microsoft login provides a seamless and secure experience for all users ✨. It is especially useful if your teams work with Office 365.

            • One single authentication for Dilitrust and Office 365 apps (Word Online, Word Desktop, etc.).
            • Smoother document access when editing files directly in Microsoft Word.
            • No extra passwords to remember ⌛.
            • Improved security thanks to Microsoft’s identity protection features.

            For these reasons, we strongly recommend enabling and using Microsoft login if your organization uses Office 365 ⭐.

            Tips & Troubleshooting

            • If you cannot log in after authenticating with Microsoft, your IT may not have approved DiliTrust yet ❓
            • If you accidentally authenticate with a personal Microsoft account, simply retry using your professional email ✋.
            • If you see a message requesting admin approval, contact your IT so they can complete the consent process ✔️.

            Need Help?

            If you have questions about Microsoft authentication or need help enabling SSO, our support team is here to assist you ✍.


            ✍ Option 2: Manual SSO Setup with another IdP

            If your organization uses another Identity Provider (e.g., Okta, PingFederate, Keycloak), you can still configure SSO manually. CLM supports the OpenID Connect protocol.

            Information required from your IdP:

            • Client ID
            • Client Secret
            • Well-known URL

            Steps:

            • Gather the 3 pieces of information above from your IdP administrator.
            • Send this information securely via MFT (Managed File Transfer) to your Technical Project Manager.
            • Your Technical Project Manager will open a ticket on our Jira Support Portal to finalize the setup.

            Note: Without these details, we cannot complete the manual SSO setup.


            ❗ Important Considerations

            • CLM supports only the OpenID Connect protocol (not SAML).
            • Native Microsoft/Google setup is strongly recommended whenever possible.
            • For manual setup, make sure your IdP is configured to provide the required fields before sending details to us.


            ✨ Benefits of SSO

            • Security: Users authenticate through your corporate IdP, reducing password risks.
            • Efficiency: Users log in with their existing credentials—no need to remember another password.
            • Centralized control: Manage access rights directly through your IdP.


            ❓ Need Help?

            If you encounter any issues or need guidance, please contact your Customer Care Team.

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0