Providing access

vLex offer a wide range of options for signing in to suit all organisations.

Single Sign-On (SSO)

This is the best option to grant easy access to academic, government, or corporate accounts. Users can gain access from anywhere, without needing individual login details, while retaining all the features of a personal, secure account. When someone uses this method to log into vLex, the service automatically creates a new personal corporate account when they sign in.

For admin users, SSO provides useful statistics, such as the number of users accessing vLex and the frequency of their individual sessions.

vLex SSO protocol

The vLex SSO protocol is the easiest way to provide an SSO experience. Your IT team will install a code page in a private area of your website, and users who go to that page will be redirected to vLex, where they will be automatically authenticated.

To begin the process of implementing SSO for your account, contact and we will begin the activation process by giving you the Authentication token and the Account ID.

The Authentication token is private. Do not give any third parties access to this information.

When you have this information, create a page on your private server that can verify a user, before redirecting them to the authenticated link.

The code for this is publicly available in Remote authentication↗. You can find it in the following programming languages:

  • PHP

  • Ruby

  • ASP Classic

  • ColdFusion

  • JSP

  • Python

  • C#

Programming the code

If you wish to program the page from scratch, the URL link should be:

This link should have the following GET parameters:

  • name: the user’s name (John Smith)

  • email: the user’s email (

  • timestamp: the time that the link is generated, represented as seconds from the Epoch (1049896564)

  • account_id: your account ID, this data appears when activating account integration.

  • hash: the value that is used to validate the rest of the fields, it is computed as: hexdigest(MD5(name+email+account_id+token+timestamp))

The hash must be encrypted with the parameters indicated above, which will never be the same as it includes the timestamp. The + symbol represents a concatenation of sets of strings. When computing the hash, the order of the fields is relevant.

IP access

While vLex supports IP Access (including access by proxy), our recommendation is to implement access by SSO.

When your users are logged into the network of your organisation, they can have access to vLex without signing in to their personal accounts, albeit losing some functionality.

If you want to provide this option to your organisation, contact customer services on and indicate the list or range of IPs that you want to include.

If you have problems determining IPs for granting access to your organisation, the vLex accounts team can provide assistance. Contact us.

Users who access vLex via this method will not be able to use features that rely on emails, such as alerts and history. They can override the IP by creating a personal account and logging in with a user ID and password.

HTTP proxy

You can provide your users with the same functionality they get with IP Access when they are not logged in to your network. To do this, you must enable a HTTP proxy. The supported proxy implementations are EZProxy and WAM proxy.

To do this, contact customer service at and tell us the list or range of proxy IPs that you would like to activate.

If you have problems determining IPs for granting access to your organisation, the vLex accounts team can provide assistance. Contact us.

Once we complete the implementation, we will provide you with the URL address that you must use to access the service.

Last updated