All Collections
Integrations
Single Sign-on
OneLogin SCIM & SAML (SSO) Configuration
OneLogin SCIM & SAML (SSO) Configuration
Martin Walzak avatar
Written by Martin Walzak
Updated over a week ago

In this article:


Features

The following provisioning features are supported:

  1. Push new users

  2. Push profile updates

  3. Push user deactivation


Requirements

You will require a LawVu account and be in contact with our implementation team.


Create a new LawVu app

Go to Applications in OneLogin. Click on Add App and search for “SCIM”.

Select the below app and give your new application a name.

“SCIM Provisioner with SAML (SCIM v2 Enterprise, full SAML)”

You can also upload our LawVu logo from this URL.


Configure SAML Settings

Once the configuration screen appears, please check that SAML NameID is set to email.


Please go to the “Configuration” page and enter/set the following settings.

SAML Audience URL

ACS (Consumer) URL Validator

Provided by LawVu (SSO reply URL)

ACS (Consumer) URL

Provided by LawVu (SSO reply URL)

Single Logout URL

BLANK (not needed)

Login URL

BLANK (not needed)

SAML initiator

OneLogin

SAML nameID format

Email

SAML issuer type

Specific

SAML signature element

Assertion


Configure SCIM Settings

Enable the API Connection under the configuration page and enter the below details.

SCIM BASE URL

Provided by LawVu

SCIM Bearer Token

Provided by LawVu

SCIM JSON Template

Please replace the entire JSON with this entry.

{

"schemas": [

"urn:ietf:params:scim:schemas:core:2.0:User",

"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"

],

"userName": "{$user.email}",

"name": {

"familyName": "{$user.lastname}",

"givenName": "{$user.firstname}"

},

"emails": [{

"value": "{$user.email}",

"type": "work",

"primary": true

}],

"phoneNumbers": [{

"value": "{$user.phone}",

"type": "work",

"primary": true

}],

"title": "{$user.title}",

"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":

{

"department": "{$user.department}"

}

}

Please change the Signature Algorithm to SHA-256 under SSO.

Please enable provisioning and select your desired admin approval process.

Don’t forget to add the desired users to the app and check your provisioning logs.


Please provide your SAML Metadata back to your LawVu Technical Team.

The LawVu team requires the following details:

Issuer URL

SAML Endpoint - POST URL

Certificate - BASE64 Format


Reporting a problem

Prior to reporting a problem, kindly verify ALL the settings mentioned above. If the issue persists, please contact our support team for assistance.

Did this answer your question?