In this article:
Features
The following provisioning features are supported:
Push Role changes from OKTA profiles to LawVu
Requirements
You will require a LawVu account and be in contact with our implementation team.
It is also a prerequisite to have a fully configured LawVu application with SCIM support within your OKTA instance to use role provisioning.
Please complete all steps following this guide before proceeding with role provisioning: https://help.lawvu.com/en/articles/4475570-okta-scim-saml-sso-configuration-guide
Limitations
PLEASE READ: Restrictions after implementation
Role provisioning via SCIM is optional and your legal team can continue managing roles directly in LawVu if preferred.
Enabling SCIM role provisioning disables role management in LawVu, centralizing control through your SSO provider. Your legal team’s admin typically handles these assignments manually in LawVu.
Before proceeding, confirm with your legal team how roles should be managed.
Utilizing Teams in conjunction with role provisioning.
Please note that Team and Role provisioning cannot be used if members of the same team require different roles within one group. OKTA only supports a single role per group, so assigning different roles to individual users would conflict with the group-level role.
Tip: Create four separate groups, one for each LawVu role to ensure roles are assigned correctly at the group level.
Configure Role Provisioning
Use the below steps if you wish to configure role provisioning for the LawVu application automatically.
Select your LawVu App under the Profile Editor list
Click Add Attribute in the Attributes section to add the User Roles mapping.
Fill out the form so that it reflects the below settings.
Variable Name: lawuroles (can be anything)
External Name: roles.^[primary==true].value
External Namespace: urn:ietf:params:scim:schemas:core:2.0:User
Attribute Required: YES
Scope: User or Group
Select if the role assignment should be used on a user or group level. If you require both then please add an addtiional attribute with the corresponding scope.
IMPORTANT: The values chosen under "VALUE" (red box) section must be provided to your LawVu implementation team to create the mapping between LawVu's role and the values configured. The value on your side must be manually matched to the corresponding value on the LawVu site by a LawVu technician.
The below four LawVu roles are available for mapping:
Administrator
In House Legal
Contributor
Standard User
For example, if you choose to name one of the roles "LawVuAdministrator" in your setup, you must let us know that you want this value mapped to the available role of "Administrator" in LawVu. The same procedure applies to the remaining roles for In House Legal, Contributor and Standard User.
If you're using our SSO self-service portal, then you can paste those roles into the LawVu configuration yourself.
3. Once completed, you can assign a user role to each user during the application assignment.
You might see a warning message under Provisioning. Please ignore as this is related to the custom roles configured under the app and not under the User Attribute editor. The missing mapping is not required in this constellation.
Reporting a problem
Prior to reporting a problem, kindly verify ALL the settings mentioned above. If the issue persists, please contact our support team for assistance.