All Collections
Integrations
Single Sign-on
OKTA SCIM (SSO) User Role Provisioning Configuration Guide
OKTA SCIM (SSO) User Role Provisioning Configuration Guide
Martin Walzak avatar
Written by Martin Walzak
Updated over a week ago

In this article:

Features

The following provisioning features are supported:

Push Role changes from OKTA profiles to LawVu

Requirements

You will require a LawVu account and be in contact with our implementation team.

It is also a prerequisite to have a fully configured LawVu application with SCIM support within your OKTA instance to use role provisioning.

Please complete all steps following this guide before proceeding with role provisioning: https://help.lawvu.com/en/articles/4475570-okta-scim-saml-sso-configuration-guide

PLEASE READ: Restrictions after implementation

This is an optional configuration to provision roles, which means it's not necessary if your legal team prefers to configure roles within the LawVu platform.

However, if you choose to use SCIM role provisioning, please note that it will disable the ability to change and assign roles within the LawVu platform. The legal team member with administrative access typically handles this task manually in LawVu.

Before proceeding, it's essential to liaise with your legal team and clarify how roles should be assigned in LawVu.

Configure Role Provisioning

Use the below steps if you wish to configure role provisioning for the LawVu application automatically.

  1. Select your LawVu App under the Profile Editor list

  2. Click Add Attribute in the Attributes section to add the User Roles mapping.

Fill out the form so that it reflects the below settings.

Variable Name: lawuroles (can be anything)

External Name: roles.^[primary==true].value

External Namespace: urn:ietf:params:scim:schemas:core:2.0:User

Attribute Required: YES

Scope: Group

IMPORTANT: The values chosen under "VALUE" (red box) section must be provided to your LawVu implementation team to create the mapping between LawVu's role and the values configured. The value on your side must be manually matched to the corresponding value on the LawVu site by a LawVu technician.

The below four LawVu roles are available for mapping:

  • Administrator

  • In House Legal

  • Contributor

  • Standard User

For example, if you choose to name one of the roles "LawVuAdministrator" in your setup, you must let us know that you want this value mapped to the available role of "Administrator" in LawVu. The same procedure applies to the remaining roles for In House Legal, Contributor and Standard User.

3. Once completed, you can assign a user role to each user during the application assignment.

You might see a warning message under Provisioning. Please ignore as this is related to the custom roles configured under the app and not under the User Attribute editor. The missing mapping is not required in this constellation.

Reporting a problem

Prior to reporting a problem, kindly verify ALL the settings mentioned above. If the issue persists, please contact our support team for assistance.


โ€‹

Related Articles
OKTA SCIM & SAML (SSO) Configuration Guide
OKTA JIT & SAML (SSO) Configuration Guide
SSO (SingleSignOn) Information guide
AzureAD (Office365) - Mapping Roles to Lawvu Roles via SSO
OneLogin SCIM & SAML (SSO) Configuration
Did this answer your question?