Clio and Microsoft 365 SSO: better control over who can access your system

If your firm uses Clio and Microsoft 365, there is a new change worth understanding. Clio now supports Single Sign-On with Microsoft 365, which means your team can use their normal Microsoft work login to access Clio instead of managing a separate Clio password. Clio says this can help firms bring access control into one place and reduce the overhead of managing separate sign-ins.

But I thought Clio was already secure?

It is. This update does not mean Clio was insecure before. What it means is that firms now have the option to manage Clio access through the same Microsoft 365 sign-in process they already use for other parts of the business. That can help create a more joined-up approach to user access and reduce the need to manage Clio separately.

What does this change mean in practice?

In simple terms, staff can use their normal Microsoft 365 work account to sign in to Clio. That means fewer passwords to remember, fewer separate accounts to manage, and a simpler experience for users day to day. Clio describes SSO as using one set of credentials across multiple applications.

Why does that matter from a business point of view?

Because access control is not just an IT issue. It affects security, continuity and day-to-day operations. If user accounts are not managed properly, firms can end up with leavers still having access, inconsistent sign-in rules, avoidable login problems, or a lack of oversight over who can access key systems. Bringing Clio under Microsoft 365 sign-in can help reduce those risks by putting more control in one place. This is an inference based on Clio’s access-control and risk-reduction wording.

Can this help control where people are allowed to sign in from?

Yes, if Microsoft Conditional Access is being used alongside SSO. Microsoft Entra Conditional Access allows businesses to create location-based sign-in rules, including blocking access from specific countries or regions. So, for example, a firm could allow normal access from the UK and block sign-in attempts from outside the UK, if that suits the way the firm operates. Microsoft says the location condition is commonly used to block traffic from countries or regions where access should not be coming from.

So does this mean Clio itself blocks other countries?

Not by itself. The country-based control would come from Microsoft 365 and Microsoft Entra Conditional Access, not from Clio alone. The value of Clio using Microsoft 365 SSO is that Clio can then sit behind those same Microsoft sign-in rules. So if your firm already uses location restrictions, or wants to introduce them, Clio can become part of that wider control.

Is this just a case of switching it on?

No. It needs to be planned and set up properly. Clio’s process includes verifying your domain and creating the configuration in Azure. Microsoft also warns that location-based Conditional Access policies are restrictive and should be tested carefully. In practical terms, that means this should be treated as a proper change, not just a box to tick.
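
As an added illustration (not part of the original article, and not Clio's or Microsoft's own script), this is roughly what the UK-only rule described above looks like when created with Microsoft Graph PowerShell in report-only mode, so it can be tested before it blocks anyone. The Clio application ID and the emergency account ID are placeholders, and the display names are made up for the example.

```powershell
# Added example. Assumes the Microsoft.Graph PowerShell module is installed and
# you sign in with an admin account allowed to manage Conditional Access.
Connect-MgGraph -Scopes 'Policy.Read.All','Policy.ReadWrite.ConditionalAccess','Application.Read.All'

# Placeholders (assumptions): replace with values from your own tenant.
$clioAppId    = '<application-id-of-your-Clio-enterprise-app>'
$breakGlassId = '<object-id-of-your-emergency-access-account>'

# 1. Named location: the countries sign-ins are expected to come from.
#    includeUnknownCountriesAndRegions = $false means sign-ins whose country
#    cannot be determined are NOT treated as coming from the UK.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type'                     = '#microsoft.graph.countryNamedLocation'
    displayName                       = 'Allowed countries - UK'   # hypothetical name
    countriesAndRegions               = @('GB')
    includeUnknownCountriesAndRegions = $false
}

# 2. Policy scoped to Clio only: match every location except the named one,
#    and block. The emergency account is excluded so a mistake in the rule
#    cannot lock every administrator out.
$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName = 'Clio - block sign-in outside UK'              # hypothetical name
    # Report-only: the result is recorded against each sign-in but not enforced.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users        = @{ includeUsers = @('All'); excludeUsers = @($breakGlassId) }
        applications = @{ includeApplications = @($clioAppId) }
        locations    = @{
            includeLocations = @('All')
            excludeLocations = @($location.Id)
        }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

# 3. Only after reviewing the report-only results for a while, enforce it:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $policy.Id `
#     -BodyParameter @{ state = 'enabled' }
```

While the policy is in report-only mode, the Entra sign-in logs show for each Clio sign-in whether the rule would have blocked it, which is how staff who travel or work abroad show up before enforcement.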

What happens if it is not set up properly?

The most obvious risk is disruption. Staff may struggle to sign in, the wrong people may be affected by access rules, or the firm may think it has stronger controls in place than it actually does. Because this affects how users get into the system, it is important that the setup matches the way your firm actually works. This is an inference based on Clio’s setup requirements and Microsoft’s warning to test restrictive location policies carefully.

Do we need to do anything now?

Not necessarily. This is not about panic or suggesting your current setup is unsafe. It is about understanding that Clio can now fit more neatly into the way your firm already manages Microsoft 365 access. For some firms, that will mean a worthwhile security and control improvement. For others, it may simply be something to review when the time is right.

Final thought

This is really about having better control over access to one of the systems your team uses every day.

Better control over who can sign in.
Better control over what happens when someone leaves.
Better control over how access is managed across the business.
And, where needed, better control over where sign-ins are allowed from.

If your firm uses Clio and Microsoft 365, it is worth understanding whether this could reduce risk and make access simpler to manage.

Need help working out whether it is right for your firm?
We can talk you through what it means, whether it fits your current setup, and what needs to be considered before it is switched on.
