OKTA JIT & SAML (SSO) Configuration Guide
Written by Martin Walzak
Updated over a week ago

Features

The following JIT (Just In Time) provisioning features are supported:

User creation after successful login

User updates after successful login

Requirements

You will require a LawVu account and be in contact with our implementation team.

Please do not use the LawVu application from the OKTA ONT store as it does not support the configuration with SAML claims.

Step-by-Step Configuration Instructions

1. Go to the Application tab in your OKTA configuration settings and create a new App Integration.

2. Select SAML 2.0

3. Enter a name for the new application and optionally select the LawVu logo from the below URL

4. Enter the below values into SAML Settings under the Sign On tab after clicking the Edit button. LawVu will provide the Sign On URL.

Base URL: Supplied by LawVu

Audience URI: Supplied by LawVu

Application username: Email

5. To support JIT provisioning, the following parameters must be configured to pass the user’s First Name and Last Name through to LawVu.

Please go to Application > General > SAML Settings > Edit, then click Next to reach the Configure SAML page.

Under the “ATTRIBUTE STATEMENTS (OPTIONAL)” section, you must configure some required user attributes that get passed to LawVu when a user logs in.

You should add all 3 attributes from the table below, similar to the screenshot.

Note: The http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uniqueId attribute should be set to a value that will uniquely identify the user in OKTA, and won’t change for the lifetime of the user. This should be set to user.id which corresponds to the OKTA unique identifier.
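As an added example (not LawVu or OKTA code), the following check can be run over an assertion captured from a test login to confirm the attribute statements are present before handing the configuration to LawVu. The sample assertion is constructed, and the FirstName and LastName attribute names are placeholders for the names in LawVu's table; the check inspects claims only and does not validate the SAML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNIQUE_ID = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uniqueId"

# Constructed sample assertion (not from a real tenant). "FirstName" and
# "LastName" are placeholder attribute names; substitute the ones LawVu gives you.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uniqueId">
      <saml:AttributeValue>00u1abcdEXAMPLE0h7</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="FirstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="LastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_jit_claims(assertion_xml, required=(UNIQUE_ID, "FirstName", "LastName")):
    """Return a list of problems found in the assertion's attribute statements."""
    root = ET.fromstring(assertion_xml)  # local test capture only, not untrusted input
    name_id = (root.findtext("saml:Subject/saml:NameID", "", NS) or "").strip()
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    problems = []
    for name in required:
        values = [v for v in attrs.get(name, []) if v]
        if not values:
            problems.append(f"missing or empty attribute: {name}")
        elif len(values) > 1:
            problems.append(f"multiple values for attribute: {name}")
    uid = [v for v in attrs.get(UNIQUE_ID, []) if v]
    # An email address can change over a user's lifetime; user.id does not.
    if uid and (uid[0].lower() == name_id.lower() or "@" in uid[0]):
        problems.append("uniqueId looks like an email; map it to user.id")
    return problems


if __name__ == "__main__":
    for line in check_jit_claims(SAMPLE) or ["all required JIT claims present"]:
        print(line)
```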

6. Please supply the below table of values to LawVu from the Sign on tab > View Setup Instructions button.

Please also inform your LawVu implementation team of any additional logon domains you will be syncing and using on the platform, as those need to be whitelisted.

| Column | Value |
| --- | --- |
| Identity Provider Single Sign-On URL | |
| Identity Provider Issuer | |
| X.509 Certificate | |


