In this article:
Features
The following JIT (Just In Time) provisioning features are supported:
User creation after successful login
User updates after successful login
Requirements
You will require a LawVu account and be in contact with our implementation team.
Please do not use the LawVu application from the OKTA ONT store as it does not support the configuration with SAML claims to enable JIT.
Limitations of JIT
Account automation (creation and removal) is not possible with JIT. In order to create an account, the user must successfully log in to LawVu. Additionally, the legal team administrator has the responsibility of disabling a user's account within the LawVu platform to prevent it from being assigned as a resource in the future. As long as the user's account remains active in LawVu, it can be assigned to contracts and matters.
Step by Step Configuration Instructions
1. Go under the Application tab in your OKTA configuration settings and Create a new App Integartion.
2. Select SAML 2.0
3. Enter a name for the new application and optionally select the LawVu logo from the below URL
4. Enter the below values into SAML Settings under the Sign On tab after clicking the Edit button. LawVu will provide the Sign On URL.
Base URL | Supplied by LawVu |
Audience URI | Supplied by LawVu |
Application username |
5. To support JIT provisioning, the following parameters must be configured to pass the user’s First Name and Last Name through to LawVu.
Please go to Application > General > SAML Settings *Edit > [click next] Configure SAML page
Under the “ATTRIBUTE STATEMENTS” section, you must configure some required user attributes that get passed to LawVu when a user logs in.
You must add all 4 attributes from the table below under Attribute Statements.
Attribute Statements
Field name | Name format | Value |
URI Reference | user.firstName | |
URI Reference | user.lastName
| |
URI Reference | user.email | |
URI Reference | user.id (manually entered) |
Note: The http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uniqueId attribute should be set to a value that will uniquely identify the user in OKTA, and won’t change for the lifetime of the user. This should be set to user.id which corresponds to the OKTA unique identifier.
6. Please supply the below table of values to LawVu from the Sign on tab > View Setup Instructions button.
Please also inform your Lawvu implementation team of any additional logon domains you will be syncing and using on the platform as those need to be whitelisted.
Column | Value |
Identity Provider Single Sign-On URL |
|
Identity Provider Issuer |
|
X.509 Certificate |
|
Reporting a problem
Before you report a problem, can you please check ALL of the above settings? If the issue persists, then please get in touch with our support team.