Parent organizations can enable their sub-organizations to use the same SSO SAML metadata and settings as the parent organization. Once an Organization Admin from the parent organization has added the metadata and set up their SAML settings, they can enable a setting that allows the Organization Admins in the sub-organizations to use the same metadata and settings.
This means that clients who leverage sub-organizations can manage all SSO through the parent organization SSO settings.
To learn about how to set up SSO for the parent organization, see our Organization Admin: Single Sign-On article.
How it works
Propagating the SSO SAML metadata and settings to sub-organizations from the parent organization requires an update in both the parent organization and in any sub-organization that wants to use the same SSO settings:
- An Organization Admin for the parent organization needs to switch on a setting in the parent organization home to enable the setting in the sub-organizations
- An Organization Admin for the sub-organization needs to switch on a complementary setting in the organization home of the sub-organization
Once both a parent and sub-organization have switched on the setting, then members of the sub-organization will log into Everlaw using the same SSO setup as members of the parent organization.
Parent organization setup
Required permission: Organization Admin for the parent organization
Enable the setting in the parent organization:
- To access the setting in the parent organization, go to Organization home
> Projects & Users > Security settings. Make sure you are in the parent organization.
- Under SAML Single Sign-on is the Allow sub-organizations to use parent organization's SAML metadata and SAML settings setting.
This setting makes it possible for Organization Admins in sub-organizations to use the same SSO settings as the parent organization. - To enable it, switch it on.
Once it is switched on, Organization Admins in each sub-organization can switch on the complementary setting in the sub-organization home.
Note
Switching the setting on in the parent organization doesn't make any automatic changes to the SSO settings of the sub-organizations.
Note
An Organization Admin in the parent organization can switch off the toggle to share SAML metadata and settings at any time. If they do so, SSO will be turned off for the sub-organizations. To re-enable it without using the parent organization's settings, an Organization Admin for the sub-organization must add unique SAML metadata.
Sub-organization setup
Required permission: Organization Admin for the sub-organization
To propagate parent organization SAML metadata and settings to a sub-organization:
- To access the setting in the sub-organization, go to Organization home
- If the Organization Admin for the parent org has already switched on the setting described above, there is a Use parent org's SAML metadata and SAML settings toggle in the SAML Single Sign-on section.
- To enable this setting, switch on the toggle. When you do so:
- The SAML metadata from the parent organization is propagated to the sub-organization
- The parent organization's settings for SSO at login are propagated to the sub organization. This includes:
- Whether SSO is Off, Required, or Optional
- Whether or not authenticated users can bypass Everlaw multi-factor authentication
Important
Enabling this setting deletes any existing SAML metadata from the sub-organization. Once it is removed from Everlaw, it cannot be recovered.