LawVu provides the ability to map your AzureAD roles to LawVu roles. This lets you configure access roles with your existing IT tools and keeps users and permissions centrally managed. To use automatic role mapping in your LawVu app, both steps below must be completed and configured in your Azure AD app.
You will require administrator access to your AzureAD (Office365) tenant, and you will need to be in touch with a LawVu technical contact in order to create the mapping in LawVu.
Please take note of the potential issue that might arise during role configuration and group assignment to applications. Misconfigurations can lead to quarantine errors, resulting in a halt to user provisioning.
Role Assignment: Azure allows roles to be assigned to both individuals and groups. However, this introduces a risk explained below.
Role Reusability Limitation: Application roles cannot be used in multiple instances when a group and an individual user are involved. This situation arises when a user is assigned to the application and is also a member of a group that has been assigned to the same application.
Solution: When utilising role provisioning, remember that Azure enforces a constraint on role reuse, allowing a user to be assigned only once to an application. This understanding can help you navigate the challenges effectively.
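A pre-flight check for the overlap described above, added here as an example (it is not LawVu or Microsoft code). It assumes you have exported the app's role assignments and the membership of each assigned group; the field names follow the Microsoft Graph appRoleAssignment resource, and all IDs and role names are constructed.

```python
"""Pre-flight check: find users assigned to the app both directly and via a group."""
from collections import defaultdict

# Constructed sample data. Field names follow the Microsoft Graph
# appRoleAssignment resource (principalType, principalId, appRoleId);
# the IDs, role names and group membership are invented for illustration.
ASSIGNMENTS = [
    {"principalType": "User",  "principalId": "u-alice", "appRoleId": "role-inhouse"},
    {"principalType": "User",  "principalId": "u-bob",   "appRoleId": "role-inhouse"},
    {"principalType": "Group", "principalId": "g-legal", "appRoleId": "role-inhouse"},
    {"principalType": "Group", "principalId": "g-sales", "appRoleId": "role-user"},
]
GROUP_MEMBERS = {
    "g-legal": {"u-alice", "u-carol"},
    "g-sales": {"u-dave"},
}


def find_overlaps(assignments, group_members):
    """Return {user_id: {"direct": [roles], "via_group": [(group, role)]}} for
    every user who holds a direct assignment and also inherits one from a group."""
    direct = defaultdict(list)      # user id -> roles assigned to the user itself
    inherited = defaultdict(list)   # user id -> (group id, role) pairs from groups
    for a in assignments:
        if a["principalType"] == "User":
            direct[a["principalId"]].append(a["appRoleId"])
        elif a["principalType"] == "Group":
            for member in group_members.get(a["principalId"], ()):
                inherited[member].append((a["principalId"], a["appRoleId"]))
    # Only users present on both paths are at risk of the duplicate assignment.
    return {
        user: {"direct": sorted(direct[user]), "via_group": sorted(inherited[user])}
        for user in sorted(direct.keys() & inherited.keys())
    }


if __name__ == "__main__":
    for user, paths in find_overlaps(ASSIGNMENTS, GROUP_MEMBERS).items():
        print(f"{user}: direct={paths['direct']} via_group={paths['via_group']}")
```

Any user the check reports should keep only one of the two assignments before provisioning is started.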
Please see below the error message that will be logged if the configuration is incorrect.
AzureAD - Role creation and user assignment
Access the Enterprise app LawVu and select “Users and Groups”. Click on “Application Registration”. Please note below the role assigned to a test user, which shows as “User” by default.
Click on “Create App Role” and create your LawVu roles here. The names don’t have to mirror the LawVu role names. The below four LawVu roles are available for mapping:
In House Legal
Go back to your LawVu app and to “Users and Groups”. Add a user or a group and assign a role.
Add a user or group, select the required role and apply.
Please note how the role assignment changed for our assigned user.
You can also change the role for an already existing user account or group under the app. Go to “Users and Groups”. Tick the box next to the user account and click on “Edit Assignment”.
Select the role as in the previous steps and assign to user.
AzureAD - Role attribute mapping for SCIM provisioning.
Create a custom attribute mapping for roles under Provisioning. Click on "Edit attribute mapping".
Expand Mappings and click on Provisioning AzureAD Users.
Scroll down and add a new mapping.
Create a new custom attribute mapping with the values below.
Target attribute: roles[primary eq "True"].value
Be sure to save your new settings and provide all newly created user roles to the LawVu technical team. All roles must be mapped on the backend of your LawVu configuration by a LawVu support team member. Without this backend mapping, the roles will not apply to any of your accounts.
Reporting a problem
Before submitting a problem report, kindly review ALL the settings mentioned above. If the problem continues, please reach out to our support team for further assistance.