In this article:



AzureAD - Role creation and user assignment

AzureAD - Role attribute mapping for SCIM provisioning.


LawVu provides the ability to map your AzureAD roles into LawVu roles. This enables the configuration of access roles via the existing IT tools, which ensures central management of users and permissions. To utilize automatic role mapping in your LawVu app, both steps will need to be completed and configured in your Azure AD app.


You will require administrator access to your AzureAD (Office365) tenant and also be in touch with a LawVu technical contact in order to create the mapping in LawVu.

AzureAD - Role creation and user assignment.

Access the Enterprise app Lawvu and select “Users and Groups”. Click on “Application Registration”. Please note below the role assigned to a test user, which shows as “User” by default.

Click on “Create App Role” and create your LawVu roles here. The names don’t have to mirror the LawVu role names. The below four LawVu roles are available for mapping:

  • Administrator

  • In House Legal

  • Contributor

  • Standard User

Go back to your LawVu app and to “Users and Groups”. Add a user or a group and assign a role.

Add users, select the required role and apply.

Please note how the role assignment changed for our assigned user.

You can also change the role for an already existing user account under the app. Go to “Users and Groups”. Tick the box next to user account and click on “Edit Assignment”

Select the role as in the previous steps and assign to user.

AzureAD - Role attribute mapping for SCIM provisioning.

Create a custom attribute mapping for roles under Provisioning. Click on "Edit attribute mapping"

Expand Mappings and click on Provisioning AzureAD Users.

Scroll down and add new mapping

Create a new custom attribute mapping with below values.

Type: Expression

Expression: AppRoleAssignments([appRoleAssignments])

Target attribute: roles[primary eq “True”].value

Ensure to save your new settings and provide all newly created User roles to the LawVu technical team. All roles must be mapped on the backend of your LawVu configuration by a LawVu support team member. Without this mapping, at the backend, the roles will not apply to any of your accounts.

Did this answer your question?