SSO SAML 2.0 and SCIM 2.0 Generic Guide

This article outlines the technical prerequisites and configuration steps for integrating SAML and SCIM with a custom SSO solution.

Written by Martin Walzak
Updated over a week ago


Important

This guide should only be used if a custom SSO solution is in place and our provider-specific guides are not applicable. If you are using one of our directly supported identity providers, you must follow the corresponding guide to ensure proper configuration and compatibility.


Requirements

  • You will require a LawVu account and must be in contact with our implementation team.

  • You will also be required to provide all login domains for whitelisting.

  • You must complete the SAML configuration to authenticate your users.

  • You must use SCIM (recommended) or JIT for user provisioning.


SAML 2.0 configuration

LawVu endpoints are fully compliant with the SAML 2.0 industry standard. The following information is either provided by the LawVu team or accessible via the self-service portal.

LawVu SAML Endpoint Details

  • SAML Authentication URL: [Provided by LawVu]

  • SAML Entity ID (Identifier): [Provided by LawVu]

Required Information from Your Identity Provider (IdP)

To complete the configuration, please provide the following SAML details from your IdP:

  • IdP SAML Login URL

  • IdP Entity ID (Identifier)

  • IdP SAML Signing Certificate

Additional SAML Requirements

To ensure compatibility with LawVu’s SAML endpoint, please confirm the following settings:

  • Assertion Signing: Enabled

  • Assertion Encryption: Disabled


SCIM 2.0 user provisioning

We recommend always configuring SCIM provisioning when it is available. JIT provisioning is also supported but not recommended; use SCIM instead of JIT.

Our technical team will provide the following information. Alternatively, you may have access to our self-service portal, which contains all the relevant information you need to complete your configuration.

  • LawVu’s SCIM 2.0 endpoint URL

  • LawVu’s SCIM 2.0 bearer token

LawVu endpoints support the following user attributes when using SCIM. At this time, custom attributes or additional attributes are not supported.

Attribute name     Maximum characters
username/email     256
name/givenname     100
familyname         100
phonenumber        50
title              100
department         100


JIT user provisioning

The following four claims are mandatory. If any one of them is missing, the SAML login request will fail.

The JIT process must be able to uniquely identify the user account, so the uniqueID must be part of the SAML request. This allows our endpoint to accept any changes to email or name.

IdP attribute on provider site

SAML response attribute

FirstName

LastName

(unique identifier), this should be an attribute that is unique and immutable.

objectID (Azure) or user.id (OKTA)

username (NameID) (email format)

Please note that if the email is chosen as the unique identifier, there will be issues updating a user's account if that email changes in the future as this attribute is immutable in our database.
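
A structural pre-flight check for a captured test SAML response, covering both the Additional SAML Requirements and the mandatory JIT claims above. This is an added example, not LawVu code: the attribute names FirstName, LastName and uniqueID are assumed to be spelled as in this guide, the sample response is constructed, and the script does not verify the signature itself.

```python
# Added example: checks the shape of a test response from your own IdP only.
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Assumption: attribute names as this guide spells them; confirm with LawVu.
REQUIRED_ATTRS = ("FirstName", "LastName", "uniqueID")

def preflight(xml_text):
    """Return a list of configuration problems (empty list = looks right)."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.find(".//saml:EncryptedAssertion", NS) is not None:
        problems.append("assertion encryption is enabled; the guide requires it disabled")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext saml:Assertion in the response"]
    # Assertion signing puts ds:Signature inside the Assertion, not only on the Response.
    if assertion.find("ds:Signature", NS) is None:
        problems.append("assertion is not signed (no ds:Signature inside saml:Assertion)")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or "@" not in (name_id.text or ""):
        problems.append("NameID missing or not in email format")
    values = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        val = attr.find("saml:AttributeValue", NS)
        values[attr.get("Name")] = (val.text or "").strip() if val is not None else ""
    for name in REQUIRED_ATTRS:
        if not values.get(name):
            problems.append(f"mandatory claim {name} is missing or empty")
    uid = values.get("uniqueID")
    if uid and name_id is not None and uid == (name_id.text or "").strip():
        problems.append("uniqueID equals the email; it should be an immutable identifier")
    return problems

# Constructed sample (not real IdP output): signed at Response level only,
# LastName not released, and the email reused as uniqueID.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature/>
 <saml:Assertion><saml:Subject><saml:NameID>ana@example.com</saml:NameID></saml:Subject>
 <saml:AttributeStatement>
  <saml:Attribute Name="FirstName"><saml:AttributeValue>Ana</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="uniqueID"><saml:AttributeValue>ana@example.com</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    print("\n".join(preflight(SAMPLE)))
```

Run it against a response captured from a test login before handing the IdP details to the implementation team; an empty result means the response has the expected shape, not that the signature is valid.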


Reporting a problem

Before you report a problem, please check the provided guides and help articles. If the issue continues, please reach out to our support team.