Single Sign-On (SAML)
Let your team sign in through Okta, Azure AD, Google Workspace, or any SAML identity provider.
With SSO enabled, anyone with your company's email domain signs in through your identity provider — no separate EverDoc passwords. EverDoc supports any SAML 2.0 provider, including Okta, Azure AD (Entra ID), and Google Workspace.
SSO is available on the Business and Enterprise plans, and only organization owners and admins can configure it.
Set up SSO
Open Settings → SSO (the SSO item in the left sidebar). Setup is two halves of the same handshake:
1. Configure your identity provider
Create a new SAML application in your IdP and give it the two values EverDoc displays:
- ACS URL (also called Reply URL or Callback URL)
- SP Entity ID (also called Audience URI)
Both have copy buttons on the SSO page.
2. Enter your IdP details in EverDoc
From the SAML app you just created, copy the corresponding values back into EverDoc:
- IdP Entity ID (Issuer)
- IdP SSO URL (Sign-on URL)
- X.509 Signing Certificate (PEM)
- Email Domain — users with this email domain will sign in via SSO.
Click Enable SSO.
How your team signs in
- On the login page, click Continue with SSO.
- Enter a Work email.
- EverDoc looks up the domain, finds your SSO configuration, and redirects to your identity provider to complete sign-in.
Update or disable
Return to Settings → SSO any time to update the IdP details (Update SSO) or turn it off (Disable SSO). Configuration changes are recorded in the audit log.