
What is eCourtDate?

eCourtDate is a cloud-native communications platform used by justice systems such as courts and prosecutors. Agencies can automatically send and receive two-way messages via texts (SMS), email, and voice calls.

eCourtDate Agency Required

To use this guide, you must be an authorized admin user with at least one assigned agency. Sign up for a free trial at ecourtdate.com/sign-up.

Understanding OAuth 2.0

OAuth 2.0 (RFC 6749) is an open standard for access delegation, widely used to let a user grant a website or application limited access to their information held by another service without handing over their password. It separates the role of the user (the resource owner) from that of the client application, so the client can act on the user's behalf without ever holding the user's credentials. Strictly, OAuth 2.0 is an authorization framework; the sign-in (authentication) step that identity providers add on top of it is OpenID Connect, which is what "OAuth 2.0 login" means in practice.

OAuth 2.0 operates through a series of handshakes involving various tokens. The basic steps include:
1. The client (an application requiring access) requests authorization from the resource owner (typically, the user).
2. If the user consents, the client receives an authorization grant, which it exchanges for an access token at the authorization server.
3. The client then uses the access token to access the protected resources from the resource server.
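The three steps above, simulated offline in Python as an authorization-code flow with PKCE (RFC 7636). This is an added example, not eCourtDate code or any IDP's code: the endpoint URL, redirect URI, client ID and the in-memory authorization server are assumptions, and the two "extra" checks (the `state` value and the PKCE verifier) show the two things a practitioner should confirm in any real integration: that a callback belongs to a request the client actually started, and that an intercepted authorization code cannot be redeemed by someone else.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Endpoint and client values are assumptions for illustration only.
AUTHZ_ENDPOINT = "https://idp.example/authorize"
REDIRECT_URI = "https://app.example/callback"
CLIENT_ID = "ecourtdate-console"


def b64url(raw: bytes) -> str:
    """Base64url without padding, the encoding PKCE requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def query_params(url: str) -> dict:
    """Flatten a URL's query string into a single-valued dict."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


class MockAuthorizationServer:
    """Stand-in for the IDP: issues a code on consent, redeems it once."""

    def __init__(self):
        self._codes = {}  # code -> (code_challenge, scope)

    def authorize(self, params: dict, user_consents: bool = True) -> dict:
        # Step 1: the client asks for a scoped grant; the resource owner decides.
        if (params.get("response_type") != "code" or params.get("client_id") != CLIENT_ID
                or params.get("redirect_uri") != REDIRECT_URI):
            return {"error": "invalid_request", "state": params.get("state", "")}
        if not user_consents:
            return {"error": "access_denied", "state": params["state"]}
        code = secrets.token_urlsafe(32)
        self._codes[code] = (params["code_challenge"], params["scope"])
        return {"code": code, "state": params["state"]}  # the authorization grant

    def token(self, form: dict) -> dict:
        # Step 2: the grant is exchanged for an access token, exactly once.
        entry = self._codes.pop(form.get("code"), None)
        if entry is None or form.get("redirect_uri") != REDIRECT_URI:
            return {"error": "invalid_grant"}
        challenge, scope = entry
        # PKCE: only the party holding the original verifier can redeem the code,
        # so a code leaked from the redirect is useless on its own.
        expected = b64url(hashlib.sha256(form.get("code_verifier", "").encode()).digest())
        if not secrets.compare_digest(expected, challenge):
            return {"error": "invalid_grant"}
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "expires_in": 3600, "scope": scope}


class Client:
    """The application requesting delegated access."""

    def __init__(self, server: MockAuthorizationServer):
        self.server = server
        self._pending = {}  # state -> code_verifier, one entry per outstanding request

    def build_authorization_url(self, scope: str = "openid email") -> str:
        verifier = b64url(secrets.token_bytes(32))
        state = secrets.token_urlsafe(16)
        self._pending[state] = verifier
        params = {
            "response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
            "scope": scope, "state": state, "code_challenge_method": "S256",
            "code_challenge": b64url(hashlib.sha256(verifier.encode()).digest()),
        }
        return f"{AUTHZ_ENDPOINT}?{urlencode(params)}"

    def handle_callback(self, callback_url: str) -> dict:
        q = query_params(callback_url)
        # state ties the callback to a request this client started (login-CSRF check).
        verifier = self._pending.pop(q.get("state", ""), None)
        if verifier is None:
            raise ValueError("unknown or replayed state")
        if "error" in q:
            raise PermissionError(q["error"])
        return self.server.token({"grant_type": "authorization_code", "code": q["code"],
                                  "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
                                  "code_verifier": verifier})


def run_flow(user_consents: bool = True) -> dict:
    """Drive the three steps end to end and return the token response (Step 3 input)."""
    server = MockAuthorizationServer()
    client = Client(server)
    redirect = server.authorize(query_params(client.build_authorization_url()), user_consents)
    return client.handle_callback(f"{REDIRECT_URI}?{urlencode(redirect)}")


if __name__ == "__main__":
    print(run_flow())
```

The access token returned by `run_flow()` is what the client presents to the resource server in step 3; it is a bearer token, so it must travel only over TLS and should be short-lived, as the `expires_in` value indicates.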

OAuth 2.0 Flow Diagrams

Advantages of OAuth 2.0 Over Password-Based SSO

SSO describes the user experience (one login for many applications); OAuth 2.0 and OpenID Connect are protocols that deliver it. Compared with credential-based SSO, where the identity provider stores the user's password and replays it into each application, OAuth 2.0 keeps the easier login, reduced password fatigue, and lower password-recovery support costs, and brings several distinct advantages:

1. Scoped Access: OAuth 2.0 permits scoped access, which means an application does not get full access to a user's account. It receives only the limited, often read-only, access named in the scopes the user approved. This is a significant advantage in terms of privacy and security.

2. No Shared Credentials: OAuth 2.0 never exposes the user's credentials to the client, which is a key security enhancement. The client cannot leak a password it never received.

3. Delegation: OAuth 2.0 supports delegation, where a resource owner can delegate access to a client, which then acts on behalf of the owner without impersonating them. This is crucial for modern API-driven applications.

4. Revocable Access: Access tokens are short-lived, and the underlying grant (refresh token or consent) can be revoked at any time by the user or an administrator, providing better control over which applications have ongoing access to their data.

5. Standardization: OAuth 2.0 is a standardized protocol adopted widely across industries, including major providers such as Google, Facebook, and Microsoft. This standardization makes integration smoother and helps in staying up-to-date with security best practices.

Choosing OAuth 2.0, with OpenID Connect for the sign-in step, as your primary login method means embracing a secure, flexible, and modern approach to managing user access. Its capability of providing scoped and revocable access, coupled with delegation and no sharing of credentials, makes it a robust choice for any organization prioritizing security. While password-based logins still have their place, OAuth 2.0 represents a significant step forward in secure user access for government SaaS users.

CISA Guidelines

"Open ID Connect, OAuth 2.0, Kerberos, and SAML 2.0 are examples of protocols that use secure, non-password-based connections for SSO. Many social media-based SSO services that consumers use are based on Open ID Connect, allowing even consumers to use SSO while focusing on strong authentication for their primary login provider."

Read CISA's guide on Implementing Strong Authentication Here.

Getting Started

IDP Management is designed to integrate with any standards-compliant OAuth 2.0 / OpenID Connect Identity Provider, such as Microsoft Entra ID (formerly Azure Active Directory) and Google Workspace.

You will need administrator-level access to an IDP service to use this guide. We recommend using a test environment with a staging agency in eCourtDate.

One IDP profile can authorize users to multiple agencies based on group or role memberships in your IDP.

Each IDP profile can only authorize users in the same region.

Step 1 - Create an IDP Profile

  • Log in to the eCourtDate Console at console.ecourtdate.com.
  • Click on the IDPs link in the top navigation.
  • Choose your desired customer from the top left customer switcher.
  • Click on Add IDP.
  • Choose your desired region and click Add.
  • You will be automatically redirected to edit the new IDP.

Step 2 - Configure your Identity Provider

Step 3 - Update IDP Profile

Return to the Console IDP profile to configure the following fields based on your IDP:

At this stage, an authorized user in the IDP should be able to sign in to eCourtDate using the Sign-in Link.

If the user does not already exist in eCourtDate, you should expect the user profile to be created and assigned to the Default Agency.

At this stage, no roles or permissions are assigned to the user automatically; confirm this on the new profile before proceeding.

Step 4 - Configure Roles and Enabled Agencies

Choose a Default Role to auto-assign an eCourtDate role to any authorized user.

Users will be auto-assigned the Default Agency.

To assign additional agencies, the group name in your IDP must be the agency reference followed by _ECOURTDATE, that is {AgencyReference}_ECOURTDATE (the match is case insensitive).

For example, if your agency reference is municipal-court-123 then the group name in your IDP (for example, an Azure AD group) should be municipal-court-123_ECOURTDATE.

Prerequisite: the agency must be included in the IDP Enabled Agencies setting to be used for Group -> Agency assignment. A matching group for an agency that is not enabled is ignored.

Note: Any role or group name that is a case-insensitive match to SECURITY, ADMIN or ROOT will be assigned Super Admin in addition to any other roles. Because the match is by name alone, audit which groups in your IDP carry these names and restrict their membership before enabling the profile. If your IDP only emits certain group types in its token claims (for example, security groups in Azure AD), enable them in the IDP's group claim configuration so the matching group names reach eCourtDate.
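The Step 4 rules (Default Agency and Default Role, the {AgencyReference}_ECOURTDATE group match filtered by Enabled Agencies, and the SECURITY/ADMIN/ROOT Super Admin rule) written out as a small Python resolver, with an audit helper that lists which incoming names would grant Super Admin. This is an added example, not eCourtDate's implementation: the claim layout (group and role names arriving as one list of strings), the profile field names, and the sample data are assumptions constructed for illustration.

```python
# Illustrative implementation of the Step 4 mapping rules. Added example, not
# eCourtDate's code; the claim layout (one list of group/role names) and the
# profile field names are assumptions.

AGENCY_SUFFIX = "_ECOURTDATE"
SUPER_ADMIN_NAMES = {"SECURITY", "ADMIN", "ROOT"}


def resolve_access(claim_names, profile):
    """Map IDP group/role names to eCourtDate agencies and roles.

    profile keys (assumed): default_agency, default_role (may be None),
    enabled_agencies (list of agency references).
    """
    agencies = {profile["default_agency"].lower()}          # always assigned
    roles = {profile["default_role"]} if profile.get("default_role") else set()
    enabled = {a.lower() for a in profile["enabled_agencies"]}
    not_enabled = []                                         # matched but not usable
    for raw in claim_names:
        name = raw.strip()
        if name.upper() in SUPER_ADMIN_NAMES:
            roles.add("Super Admin")                         # in addition to other roles
            continue
        if name.upper().endswith(AGENCY_SUFFIX):
            ref = name[: -len(AGENCY_SUFFIX)].lower()        # case-insensitive reference
            if ref in enabled:
                agencies.add(ref)
            else:
                not_enabled.append(name)                     # not in Enabled Agencies
    return {"agencies": sorted(agencies), "roles": sorted(roles),
            "not_enabled": not_enabled}


def super_admin_triggers(claim_names):
    """Audit helper: which incoming names would grant Super Admin by name alone."""
    return [n for n in claim_names if n.strip().upper() in SUPER_ADMIN_NAMES]


# Constructed sample claims and profile, not real data.
SAMPLE_CLAIMS = ["Municipal-Court-123_ecourtdate", "district-court-9_ECOURTDATE",
                 "Clerks", "Admin"]
SAMPLE_PROFILE = {"default_agency": "county-hq", "default_role": "Clerk",
                  "enabled_agencies": ["county-hq", "municipal-court-123"]}

if __name__ == "__main__":
    print(resolve_access(SAMPLE_CLAIMS, SAMPLE_PROFILE))
    print("Super Admin via:", super_admin_triggers(SAMPLE_CLAIMS))
```

With the sample data, the user lands in county-hq (Default Agency) and municipal-court-123 (matched group), district-court-9 is reported as matched-but-not-enabled, and the plain "Admin" group turns a Clerk into a Super Admin, which is exactly the case the audit helper is there to surface before go-live.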

Technical Support

If you have any questions or issues while using this guide, please contact our support team at help@ecourtdate.com. We're here to help.

We appreciate any feedback or suggestions to improve our technical guides and resources.