OAuth and authentication (Admin)
Configure SSO, OAuth apps, and login options. Set up Google, Microsoft, or Okta sign-in and manage authentication and security settings.
Admins configure how users sign in: password-only, SSO (e.g. Google, Microsoft), or both.
Authentication options
- Admin → Authentication Options (or Authentication).
- Self-registration – Allow new users to register with email/password (if enabled).
- Password policy – Minimum length, complexity, expiration (if applicable).
- SSO / Identity provider – Enable Google, Microsoft, or other providers. Users then see "Sign in with Google" (or similar) on the login page. Configure with the provider's client ID, secret, and redirect URLs.
- Default role – Role assigned to new users (e.g. when they register or are first invited).
OAuth applications
- Admin → OAuth Applications – If your org uses OAuth for third-party integrations (e.g. an external app that needs to call the Contracts AI API), you create OAuth client apps here: name, redirect URIs, and scopes. This is separate from "Sign in with Google/Microsoft" for users.
Keep SSO redirect URLs in sync with your app URL (e.g. production vs. staging). After changing auth settings, test login with a test user.
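One way to check that redirect URLs stay in sync with the app URL, as an added example that is not part of the original page or the product's own code: it compares each redirect URI registered for an environment against that environment's app URL and reports the ones that should not be there. The host names, the `/auth/callback` path, and the function name are constructed placeholders.

```python
from urllib.parse import urlsplit

LOOPBACK = {"localhost", "127.0.0.1"}  # plain http is tolerated only for local development


def audit_redirect_uris(app_url, redirect_uris):
    """Return (uri, problem) pairs for URIs that should not be registered for app_url."""
    app = urlsplit(app_url)
    findings = []
    for uri in redirect_uris:
        u = urlsplit(uri)
        if "*" in uri:
            # Pattern matching on redirect URIs lets unintended hosts receive the auth code.
            findings.append((uri, "wildcard; register exact URIs"))
        elif u.fragment:
            # OAuth 2.0 redirect URIs must not carry a fragment component.
            findings.append((uri, "contains a fragment"))
        elif u.scheme != "https" and u.hostname not in LOOPBACK:
            findings.append((uri, "not https"))
        elif (u.scheme, u.hostname, u.port) != (app.scheme, app.hostname, app.port):
            # Typical drift: a staging or old URL left in the production configuration.
            findings.append((uri, "origin differs from app URL"))
    return findings


# Constructed sample: the production app URL and the URIs registered with the provider.
APP_URL = "https://contracts.example.test"
REGISTERED = [
    "https://contracts.example.test/auth/callback",
    "https://staging.contracts.example.test/auth/callback",
    "http://contracts.example.test/auth/callback",
    "https://*.example.test/auth/callback",
]

if __name__ == "__main__":
    for uri, problem in audit_redirect_uris(APP_URL, REGISTERED):
        print(f"{problem}: {uri}")
```

Run it once per environment, with that environment's app URL and the redirect URIs registered for it.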