OKTA SCIM & SAML (SSO) Configuration Guide

In this article:

Supported Features

The following provisioning features are supported:

Push new users

Push profile updates

Push user deactivation

Group Push

Requirements

You will require a LawVu account and be in contact with our implementation team.

If you're using our SSO self-service portal, this information is already available there and can be configured by IT.

Domain Whitelisting: Please inform your LawVu implementation team of any additional logon domains you will be syncing and using on the platform as those need to be whitelisted for SSO.

1. OKTA Application

To simplify configuration, LawVu provides a pre‑configured application in the Okta Integration Network. We recommend using this application when integrating with LawVu.

You can add LawVu directly by visiting: https://www.okta.com/integrations/lawvu or by selecting LawVu from the Okta catalog.

Browse the catalog and search for Lawvu.

Add Integration.

2. SAML Configuration

Select Sign On tab and edit the details.

Base URL:

Will be supplied by LawVu, or if you're using our SSO self-service portal, this information is already available there.

Audience URI:

Will be supplied by LawVu, or if you're using our SSO self-service portal, this information is already available there.

Application username format:

Save your new settings.

3. SCIM Configuration

Go to the Provisioning tab then click the Configure API Integration.

Please ensure you have the Lifecycle Management licensed in your OKTA account.

Enable API integration and enter the below values supplied by your LawVu contact.

Base URL:

Will be supplied by LawVu, or if you're using our SSO self-service portal, this information is already available there.

API Token:

Will be supplied by LawVu, or if you're using our SSO self-service portal, this information is already available there.

Enable Provisioning to App allowing Create Users, Update User Attributes and Deactivate Users. Do not disable any of those settings as it will cause user sync issues.

Assign LawVu application to users or groups.

Please note that assigning groups does not create a Team in LawVu. If you need Teams to be created from Okta groups, Group Provisioning must be configured under Group Push.

Ensure that users or groups appear under Assignments, and review your Logs if troubleshooting is required.

If the Self‑Service Portal is not being used, please provide the following table of values to your Technical Implementation Manager. These can be found under Sign On > View SAML Setup Instructions.

Column	Value
Identity Provider Single Sign-On URL
Identity Provider Issuer
X.509 Certificate

Optional: Configure Role Provisioning

Please note that configuring SCIM role provisioning will disable the ability to change and assign roles within the LawVu platform. The legal team member with administrative access usually does this task manually in LawVu.

Using SCIM role provisioning will require an IT member with admin access to OKTA to change the role within OKTA user management.

Please liaise with your legal team and clarify how roles should be assigned in LawVu before configuring this part.

https://help.lawvu.com/en/articles/7948270-okta-scim-sso-user-role-provisioning-configuration-guide

Optional: Configure Group Push

Please note that the Group Push feature must be enabled in LawVu for this to work. Please contact your Technical Implementation Manager or our Support team to have this feature enabled.

The Group Push feature allows a selected group in Okta to be created as a Team in LawVu. All members of that Okta group will automatically appear as Team members in LawVu.

For safety reasons, group deletion sync via SCIM is not supported, as it could unintentionally remove broad access to matters or contracts. Any Teams that are no longer required can be easily deleted directly within the LawVu platform.

1. Access Group Push tab in the LawVu Okta application and select Push Groups.