How do I set up Single Sign On for Legal Server?

Before you begin, collect these items from your Legal Server environment:

• Your Identity Provider’s (IdP) metadata URL (e.g., Azure AD, Okta, or OneLogin).
• The Service Provider’s (SP) entity ID and ACS URL provided by Legal Server.
• Administrative access to your Chatref account with workspaces enabled.
• A Chatref prepaid balance with your $50 free credit (no credit card required).

Chatref’s custom-actions let you trigger an SSO handshake directly from the chat widget. Build a new custom action inside the Chatref agent builder:

1. Name the action (e.g., legal‑server‑sso).
2. Set the trigger to “on user message contains /login” or a dedicated button.
3. Point the webhook URL at your Legal Server SP endpoint.
4. Map the IdP parameters (SAML assertion or OIDC tokens) you collected earlier.
5. Enable the action and add it to your agent’s response flow. This way, the AI agent detects when a user needs to re‑authenticate and launches the SSO flow without leaving the chat.

After a user logs in via SSO, your ai-agents can carry that session token into every response. The agent enriches answers with Legal Server data because it has user‑scoped access:

• Ground responses in your own matter notes, court forms, and training documents.
• Auto‑detect the authenticated user’s role (attorney, paralegal, client) and tailor replies.
• Keep the voice consistent with your legal practice’s tone. Since Chatref charges per response (1‑5 coins), you pay only when someone actually asks a question – zero cost when idle.

Map your Legal Server offices to workspaces inside Chatref. Each workspace holds its own set of documents, agent configurations, and user permissions. When a staff member authenticates via SSO, they land in their assigned workspace, seeing only the matters relevant to them. The shared‑inbox then becomes your central queue for complex questions that need human review. Licensed attorneys can take over a conversation from the AI agent with full context – the complete chat thread, the authenticated user’s identity, and the case record from Legal Server.

1. Use your Chatref playground to simulate a login request.
2. Confirm the custom action redirects to your IdP and returns a valid token.
3. Check that the AI agent recognizes the authenticated user by asking, “What cases am I assigned?”
4. Review the workspace assignment in the Chatref dashboard and ensure the shared inbox sees the user’s department.

Steps to configure SSO for Legal Server

1. Gather your IdP metadata (entity ID, SSO URL, certificate).
2. In Legal Server, enable SAML/OIDC and note the SP entity ID and ACS URL.
3. Inside Chatref, create a custom action that calls the SP endpoint with the IdP parameters.
4. Map the authenticated user’s attributes (email, role) to Chatref workspace membership.
5. Activate the action and associate it with your Legal Server agent.
6. Test the flow end‑to‑end.

How to enable Single Sign On

Enable SSO by building a custom action in Chatref that integrates with your identity provider. That action is added to the agent’s tool set, so the AI can prompt users to log in and then pass session tokens to Legal Server. The feature is available on every Chatref account – no add‑on fees.

Best practices for legal server authentication

• Restrict custom action webhooks to approved IPs and use HTTPS only.
• Scope tokens tightly (case‑specific, read‑only unless editing is needed).
• Route each Legal Server office into its own workspace to maintain ethical walls.
• Use the shared inbox for human oversight on any authentication failure or privileged conversation.
• Regularly review the insights digest to spot SSO errors or stale credentials before they block users.