Set up Single Sign-On (SSO) with Document Crunch

Background

Single Sign-On (SSO) allows your team to access Document Crunch using your organization's existing login credentials. Instead of managing separate passwords, team members can sign in through your company's identity provider (like Microsoft Entra ID or Okta). This improves security, simplifies user management, and ensures that access is automatically removed when an employee leaves your organization.

Things to Consider

• Admin Access Required: You must have administrator-level permissions in both your identity provider (Microsoft Entra ID or Okta) and your organization's systems to complete the SSO setup.

• Supported Identity Providers: Document Crunch supports any identity provider that uses SAML 2.0 protocol, including Microsoft Entra ID (formerly Azure AD) and Okta.

• Domain-Based Routing: SSO is associated with your email domain, so users from your domain will automatically be routed to your identity provider during sign-in.

Steps

Option A: Configure SSO with Microsoft Entra ID (Azure AD)

Step 1: Access Microsoft Entra Admin Center

1. Go to your M365 Admin Center

2. On the left sidebar, under Admin Centers, click "Identity"

3. This will take you to the Microsoft Entra Admin Center

Step 2: Create the Application

1. On the left, click Applications > Enterprise applications

2. Click New application at the top

3. At the top, click Create your own application

4. Input a name for the app: Document Crunch

5. Select "Integrate any other application you don't find in the gallery"

6. Click Create

Step 3: Configure SAML Settings

1. In the app you created, on the inner left sidebar, click Single sign-on

2. Click SAML

3. Under Basic SAML Configuration, click Edit

4. Configure the following:

   • Add a new Identifier: urn:amazon:cognito:sp:us-east-1_Ul6ipRWnU

   • Add a new Reply URL: https://auth.documentcrunch.com/saml2/idpresponse

   • Under Sign on URL, enter: https://app.documentcrunch.com/login

5. Click Save at the top

Step 4: Configure Attributes & Claims

1. Under Attributes & Claims, click Edit

2. Click Add new claim

3. Configure the full_name claim:

   • Name: full_name

   • Source: Transformation

   • In the sidebar, select Join() in the dropdown

   • Under Parameter 1 > Attribute name: select user.givenname

   • For Separator: enter a single space

   • Under Parameter 2 > Attribute name: select user.surname

   • Click Add at the bottom

4. Click Save at the top

Step 5: Retrieve and Share Metadata URL

1. Under SAML Certificates, copy the App Federation Metadata Url

2. Send this App Federation Metadata Url to your Document Crunch account representative for configuration

Note: Document Crunch will use this URL to complete the SSO integration on the backend and enable SSO for your organization.

Option B: Configure SSO with Okta

Step 1: Create a SAML App in Okta

1. Go to your Okta Admin Console

2. In the navigation menu, expand Applications, and then choose Applications

3. Choose Create App Integration

4. In the Create a new app integration menu, choose SAML 2.0 as the Sign-in method

5. Choose Next

Step 2: Configure SAML Integration

1. On the Create SAML Integration page, under General Settings, enter the app name: Document Crunch

2. (Optional) Upload a logo and choose the visibility settings for your app

3. Choose Next

4. Under GENERAL, for Single sign on URL, enter: https://auth.documentcrunch.com/saml2/idpresponse

5. For Audience URI (SP Entity ID), enter: urn:amazon:cognito:sp:us-east-1_Ul6ipRWnU

6. Under ATTRIBUTE STATEMENTS, add a statement with the following information:

   • For Name, enter the SAML attribute name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

   • For Value, enter: user.email

7. For all other settings on the page, leave them as their default values or set them according to your preferences

8. Choose Next

9. Choose a feedback response for Okta Support

10. Choose Finish

Step 3: Assign Users to Your Okta Application

1. On the Assignments tab for your Okta app, for Assign, choose Assign to People

2. Choose Assign next to the user that you want to assign

3. For User Name, leave it as the user's email address

4. Choose Save and Go Back. Your user is assigned

5. Choose Done

Step 4: Get the IdP Metadata

1. On the Sign On tab for your Okta app, find the Identity Provider metadata Url

2. Click the copy button under it

3. Send the Identity Provider metadata Url to your Document Crunch account representative for configuration

Note: Document Crunch will configure the backend connection using this URL and notify you when SSO is ready for testing.

Finalize SSO with Document Crunch

Once you've sent your IdP Metadata URL to Document Crunch Support:

1. Reach out to support@documentcrunch.com to add your identity provider to the system

2. SSO will be enabled for your organization

3. Your email domain will be configured to route users to the correct identity provider during login

4. You'll receive confirmation when the setup is complete and ready for testing

FAQs

Can Document Crunch enforce SSO for my domain?

Yes. Once SSO is configured, it is automatically associated with your email domain. Users with email addresses from your domain will be routed to your identity provider during sign-in, ensuring consistent authentication across your organization.

What happens to existing Document Crunch users after SSO is enabled?

Existing users with email addresses matching your SSO domain will automatically use SSO for future logins. Their existing accounts and data remain intact.

Can we have multiple domains using the same SSO configuration?

Contact Document Crunch Support to discuss multi-domain SSO configurations and any specific requirements for your organization.

How do I disable SSO if needed?

Contact Document Crunch Support to disable SSO for your organization, which would then require users to set up their own individual passwords.