Single Sign-On (SSO)
SSO for your Notarize account lets you and all your teammates log into Notarize using the credentials stored in your organization's SAML Identity Provider (IdP). Examples of IdPs include ActiveDirectory, Auth0, Google, and Okta. With SSO, account and credential management are not handled by Notarize, but instead by your IdP.
- Users in your organization can log into Notarize without needing to enter their password every time.
- SSO is compatible with parent/child org structures, allowing you to propagate certain teams/groups to a respective child org upon SSO login.
- Streamline new user onboarding with just-in-time user provisioning (JIT provisioning). Users will be created and updated automatically when they log in through SSO, allowing you to scale your operation with Notarize faster.
- Once SSO is configured, users' former Notarize account passwords will no longer work, unless they are organization admins.
- Users' former Notarize account usernames will no longer work if those usernames do not match existing usernames in your organization’s IDP.
- This documentation assumes that you already have a SAML Identity Provider (IdP). If you do not have a SAML IdP, you can use any IdP that supports SAML 2.0 such as ActiveDirectory, Auth0, Google, and Okta.
- This documentation assumes you are on a "Pro" pricing tier. See our pricing page for more details.
Service Provider (SP) Configuration
To configure SSO on your Notarize account, you'll need to provide Notarize with the following information from your IdP:
- Entity ID
- Target URL
- X509 client certificate
You can enter these parameters individually, or provide a metadata file or metadata URL.
An organization admin can enable SSO and enter this information in Settings >> Team Security:
Production IdP Configuration
The IdP needs to be configured with the following Notarize SAML data:
- Entity (or Issuer) ID: https://api-internal.notarize.com/saml/consume
- Assertion Consumer Service (ACS) URL: https://api-internal.notarize.com/saml/consume
- SP metadata URL: https://api-internal.notarize.com/saml/metadata
- Also available as a file
Fairfax (Test) IdP Configuration
The IdP test environment needs to be configured with the following Notarize SAML data:
- Entity (or Issuer) ID: https://api-internal-mirror.notarize.com/saml/consume
- Assertion Consumer Service (ACS) URL: https://api-internal-mirror.notarize.com/saml/consume
- SP metadata URL: https://api-internal-mirror.notarize.com/saml/metadata
- Also available as a file
These attributes are sent from the IdP to Notarize, in order to provision accounts on-the-fly, assign specific roles (e.g. admin vs. team member), and create users in child organizations.
Keep in mind the following required attributes:
Read more about the available SAML attributes below:
|Attribute Name||Attribute Description|
|A unique, immutable identifier for the user. Can be an ID number, email address, username, etc.|
|User's first name|
|User's middle name|
|User's last name|
|User’s full name, e.g. “John Patrick Smith Jr.”|
|User's email address|
|An array of strings designating the user's roles. Choose any subset of the following:|
If omitted, the default role of
|A Notarize organization ID. If specified, the user will be added to this org, otherwise they'll be added to the org where SSO was configured. Use this attribute if you'd like to sign a user into a specific child org.|
|The notary’s state of operation, as an abbreviation.|
|An array of strings representing languages spoken by the user (notary). Supported values are |
Updated about 2 months ago