OKTA JIT & SAML (SSO) Configuration Guide
Written by Martin Walzak

Features

The following JIT (Just In Time) provisioning features are supported:

User creation after successful login

User updates after successful login


Requirements

You will need a LawVu account and must be in contact with our implementation team.

Please do not use the LawVu application from the OKTA ONT store as it does not support the configuration with SAML claims to enable JIT.


Limitations of JIT

Account automation (creation and removal) is not possible with JIT. In order to create an account, the user must successfully log in to LawVu. Additionally, the legal team administrator has the responsibility of disabling a user's account within the LawVu platform to prevent it from being assigned as a resource in the future. As long as the user's account remains active in LawVu, it can be assigned to contracts and matters.


Step-by-Step Configuration Instructions

1. Go to the Application tab in your OKTA configuration settings and create a new App Integration.

2. Select SAML 2.0

3. Enter a name for the new application and optionally select the LawVu logo from the below URL

4. Enter the below values into SAML Settings under the Sign On tab after clicking the Edit button. LawVu will provide the Sign On URL.

Base URL: Supplied by LawVu

Audience URI: Supplied by LawVu

Application username: Email

5. To support JIT provisioning, the following parameters must be configured to pass the user’s First Name and Last Name through to LawVu.

Please go to Application > General > SAML Settings > Edit, then click Next to reach the Configure SAML page.

Under the “ATTRIBUTE STATEMENTS” section, you must configure some required user attributes that get passed to LawVu when a user logs in.

You must add all 4 attributes from the table below under Attribute Statements.

Attribute Statements

Note: The http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uniqueId attribute should be set to a value that will uniquely identify the user in OKTA, and won’t change for the lifetime of the user. This should be set to user.id which corresponds to the OKTA unique identifier.

6. Please supply the below table of values to LawVu from the Sign on tab > View Setup Instructions button.

Please also inform your LawVu implementation team of any additional logon domains you will be syncing and using on the platform, as those need to be whitelisted.

Column

Value

Identity Provider Single Sign-On URL

Identity Provider Issuer

X.509 Certificate
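
To confirm the attribute statements from step 5 before reporting a problem, the following added example (not LawVu's or OKTA's code) decodes a captured SAMLResponse and checks that the JIT attributes are present and that uniqueId is not an email-style value. Only the uniqueId claim name comes from this guide; the other three attribute names, the sample response and the sample user ID are assumptions constructed for the demonstration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
UNIQUE_ID = CLAIMS + "uniqueId"  # the one attribute name this guide spells out
# ASSUMED names for the other three; replace with those in LawVu's attribute table.
ASSUMED_REQUIRED = [CLAIMS + n for n in ("givenname", "surname", "emailaddress")]

def attributes(saml_response_b64):
    """Decode a base64 SAMLResponse (HTTP-POST binding) into {name: [values]}.
    Inspection only: no signature check, and the assertion must be unencrypted.
    Parse only responses captured from your own IdP (use defusedxml otherwise)."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), []).extend(values)
    return found

def check_jit_attributes(attrs, required=ASSUMED_REQUIRED):
    """Return a list of problems that would break or weaken JIT provisioning."""
    problems = [f"missing or empty: {name}" for name in (UNIQUE_ID, *required)
                if not any(attrs.get(name, []))]
    uid = [v for v in attrs.get(UNIQUE_ID, []) if v]
    if len(uid) > 1:
        problems.append("uniqueId carries more than one value")
    if uid and "@" in uid[0]:
        # An email or login can be renamed or reassigned; user.id cannot.
        problems.append("uniqueId looks like an email or login; map it to user.id")
    return problems

def sample_response(unique_id, surname="Doe"):
    """Constructed SAMLResponse for the demo, not a capture from Okta or LawVu."""
    values = {UNIQUE_ID: unique_id, CLAIMS + "givenname": "Jane",
              CLAIMS + "surname": surname, CLAIMS + "emailaddress": "jane.doe@example.com"}
    stmt = "".join(f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}'
                   f'</saml:AttributeValue></saml:Attribute>' for n, v in values.items())
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           f'xmlns:saml="{NS["saml"]}"><saml:Assertion><saml:AttributeStatement>'
           f'{stmt}</saml:AttributeStatement></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    for uid in ("00uCONSTRUCTED0000001", "jane.doe@example.com"):
        print(uid, "->", check_jit_attributes(attributes(sample_response(uid))) or "ok")
```

An empty result means every required attribute arrived with a value and uniqueId does not look like a mutable login name.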



Reporting a problem

Before you report a problem, can you please check ALL of the above settings? If the issue persists, then please get in touch with our support team.
