What is SSO?

SSO stands for Single Sign-On, a session and user authentication service that lets users access all of their SaaS applications with one set of login credentials. With SSO in place, the user signs in to the LawVu application with their corporate username and password.

Login Flows

Please note that there is a difference between a login initiated from the client’s system (identity provider) and a login initiated from the LawVu login screen (service provider).

If a user is already logged into their corporate identity provider (Office365, OKTA, etc.) and is presented with a list of application icons, then in most cases no further login prompt will be presented to the client. The LawVu homepage will simply appear once selected.

If the user initiates the login from the LawVu login page (https://go.lawvu.com) they will be required to enter their email address, which then triggers the system to forward the login request to their corporate identity provider (O365, OKTA, OneLogin, etc.).

LawVu supports the following SSO standards

SAML 2.0 for user authentication

SCIM 2.0 for user provisioning (automatic user creation and deactivation)

IMPORTANT: If SCIM user provisioning cannot be utilized to create and disable users in your LawVu account automatically, then our technical implementation team can provide details to support JIT (Just in Time) user provisioning through SAML claims.

OKTA users: Please ensure your OKTA instance includes the Lifecycle management license to support SCIM.

What is SAML?

SAML is an extensible markup language (XML) standard that facilitates the exchange of user authentication and authorization data across secure domains. SAML-based SSO services involve communications among the user (You), an identity provider (Client’s IT system) that maintains a user directory, and a service provider (LawVu).

What is SCIM?

System for Cross-domain Identity Management (SCIM) is a standard for automating the exchange of user identity information between identity domains, or IT systems. Its specification is designed to make managing user identities in cloud-based applications and services easier. Once set up, the SCIM endpoints on both sides can exchange information to create, read, update and delete users in the cloud application.

Security recommendations:

To increase security and avoid malicious access, every aspect of SSO implementation must be coupled with identity governance. LawVu recommends using two-factor authentication (2FA) or multifactor authentication (MFA) with SSO to improve security. Please talk to your IT team to check whether your organization can use or already uses 2FA.

Frequently Asked Questions

LawVu’s SSO technical capabilities are very flexible, and the below questions will help your I.T. team better understand the requirements and supported features.

Does LawVu support authentication settings for SAML 2.0 SSO using an Identity Provider such as Okta/Azure/OneLogin?

Yes. LawVu supports major providers such as AzureAD (Office365), OKTA, OneLogin, Google, Sailpoint and JumpCloud. Please note that support is not limited to the listed providers, as LawVu can support any IDP that supports SAML 2.0 and SCIM 2.0.

Important note for OKTA clients: please ensure your OKTA license includes the Lifecycle management to utilize SCIM user provisioning.

Does LawVu provide instructions on how to configure SSO on the platform?

Yes, LawVu can provide guides for AzureAD, OKTA, and OneLogin.

Can the LawVu platform work in a mixed/hybrid mode allowing users to be able to sign in with and without SSO authentication?

Yes, LawVu can support a hybrid configuration. This allows the use of both SSO and LawVu-stored usernames/passwords when authenticating into LawVu. Please note that it is not recommended to have your SSO configured in a hybrid mode. However, there might be certain situations where hybrid access is required and requested by the client. In this instance, the LawVu technical team can enable hybrid mode on your account.

Does LawVu support SCIM 2.0 for user provisioning?

Yes, this standard is fully supported.

Does LawVu support JIT (Just In Time) user provisioning through SAML claims?

Yes, this standard is supported. Please note that with JIT there are certain limitations. Even though it is possible to create users through JIT provisioning after a successful login, it is not possible to disable a user’s account in LawVu via JIT.

Obsolete accounts will need to be manually disabled by the client's administrator within LawVu under the user management section. If this is delayed, there can be confusion: once IT disables the account in the company's system, login to LawVu will be denied, but the person who left will still have an active account in LawVu and will also appear as an assignable resource under Matters and Contracts.
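
The difference between SCIM and JIT provisioning described above, as an added example that is not LawVu's code or API: a constructed in-memory service provider that accepts a SCIM 2.0 user creation and PatchOp deactivation (message shapes per RFC 7644) and a JIT login, then reports accounts that are still active after the identity provider has disabled them. The class and method names, the sample users, and addressing a user by userName instead of by SCIM id are assumptions made for illustration.

```python
PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"  # RFC 7644
CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"    # RFC 7643

def as_bool(value):
    # Tolerate an IdP that sends "False" as a string instead of a JSON boolean.
    return value if isinstance(value, bool) else str(value).lower() == "true"

class ServiceProvider:
    """Hypothetical user store for the service provider (constructed, not LawVu's API)."""
    def __init__(self):
        self.users = {}  # lower-cased userName -> {"active": bool, "via": str}

    def jit_login(self, claims):
        # JIT: the account is created from SAML claims at first successful login.
        new_user = {"active": True, "via": "jit"}
        return self.users.setdefault(claims["email"].lower(), new_user)["active"]

    def scim_create(self, body):
        if CORE_USER not in body.get("schemas", []):
            return 400
        active = as_bool(body.get("active", True))
        self.users[body["userName"].lower()] = {"active": active, "via": "scim"}
        return 201

    def scim_patch(self, user_name, body):
        # Simplification: real SCIM addresses /Users/{id}, not the userName.
        user = self.users.get(user_name.lower())
        if user is None or PATCH_OP not in body.get("schemas", []):
            return 404 if user is None else 400
        for op in body.get("Operations", []):
            value = op.get("value")
            if op.get("path") != "active":  # path-less form: {"value": {"active": false}}
                value = value.get("active") if isinstance(value, dict) else None
            if op.get("op", "").lower() == "replace" and value is not None:
                user["active"] = as_bool(value)
        return 200

    def stale_accounts(self, idp_active):
        # Accounts still active here that the IdP no longer lists as active.
        idp = {email.lower() for email in idp_active}
        return sorted(n for n, u in self.users.items() if u["active"] and n not in idp)

def leaver_scenario():
    sp = ServiceProvider()
    sp.scim_create({"schemas": [CORE_USER], "userName": "alice@example.com"})
    sp.jit_login({"email": "bob@example.com"})  # constructed SAML claim
    # Both leave. The IdP sends a deactivation only for the SCIM-managed account.
    ops = [{"op": "Replace", "path": "active", "value": "False"}]
    sp.scim_patch("alice@example.com", {"schemas": [PATCH_OP], "Operations": ops})
    return sp.stale_accounts(idp_active=[])
```

Run against real exports, the same comparison as `stale_accounts` gives administrators of a JIT-only setup the list of accounts to disable manually.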

Does LawVu support multiple domains on the same LawVu instance?

Yes, LawVu supports multiple login domains on the same account. Please ensure that, with SSO in place, all required domains are whitelisted by the LawVu technician.

Does LawVu support multiple identity providers under the same LawVu instance?

Yes, LawVu supports multiple IDPs under the same account. For instance, the LawVu team can configure user provisioning and login from Office365 and OKTA under the same LawVu account. This is sometimes required if the corporate organization has multiple providers from different regions or if mixed user login is needed after a merger.

Is there a cost or additional license required to enable SSO in LawVu?

Yes, there is a cost to purchase the additional SSO feature. Please liaise with your sales consultant for pricing.

Why is there an additional cost for SSO and what is covered by this cost?

The SSO one-off payment covers the cost of purchasing an additional product feature of our LawVu platform. It also includes the implementation time required by a LawVu technician to complete the setup for the client and testing. Additionally, these costs also cover the ongoing maintenance of the SSO endpoints, including any future upgrades and security improvements.

Do I have to enter my email and password again to access LawVu?

That depends on the login flow. Please see the above paragraph about login flows.

Can I still manage users in LawVu with SSO in place?

No. With SSO in place, all users are managed by centralized software and by your IT team. This is secure and ensures a single point of user control within your organization.
