Skip to main content
All CollectionsIntegrationsSingle Sign-on
OKTA SCIM (SSO) User Role Provisioning Configuration Guide
OKTA SCIM (SSO) User Role Provisioning Configuration Guide
Martin Walzak avatar
Written by Martin Walzak
Updated over a month ago

In this article:


Features

The following provisioning features are supported:

Push Role changes from OKTA profiles to LawVu


Requirements

You will require a LawVu account and be in contact with our implementation team.

It is also a prerequisite to have a fully configured LawVu application with SCIM support within your OKTA instance to use role provisioning.

Please complete all steps following this guide before proceeding with role provisioning: https://help.lawvu.com/en/articles/4475570-okta-scim-saml-sso-configuration-guide


Limitations

PLEASE READ: Restrictions after implementation

This is an optional configuration to provision roles, which means it's not necessary if your legal team prefers to configure roles within the LawVu platform.

However, if you choose to use SCIM role provisioning, please note that it will disable the ability to change and assign roles within the LawVu platform. The legal team member with administrative access typically handles this task manually in LawVu.

Before proceeding, it's essential to liaise with your legal team and clarify how roles should be assigned in LawVu.

Utilizing Teams in conjunction with role provisioning.

Please be aware that Team and Role provisioning cannot be utilized if members of the same team have different roles within the same group. Both Azure and Okta are designed to pass through only a single role at the group level. Therefore, assigning different roles to individual users would conflict with the overarching role established for that group.

Configuring four groups for each of the four roles in LawVu will be effective, as roles will be assigned at the group level.


Configure Role Provisioning

Use the below steps if you wish to configure role provisioning for the LawVu application automatically.

  1. Select your LawVu App under the Profile Editor list

  2. Click Add Attribute in the Attributes section to add the User Roles mapping.

Fill out the form so that it reflects the below settings.

Variable Name: lawuroles (can be anything)

External Name: roles.^[primary==true].value

External Namespace: urn:ietf:params:scim:schemas:core:2.0:User

Attribute Required: YES

Scope: Group

IMPORTANT: The values chosen under "VALUE" (red box) section must be provided to your LawVu implementation team to create the mapping between LawVu's role and the values configured. The value on your side must be manually matched to the corresponding value on the LawVu site by a LawVu technician.

The below four LawVu roles are available for mapping:

  • Administrator

  • In House Legal

  • Contributor

  • Standard User

For example, if you choose to name one of the roles "LawVuAdministrator" in your setup, you must let us know that you want this value mapped to the available role of "Administrator" in LawVu. The same procedure applies to the remaining roles for In House Legal, Contributor and Standard User.

3. Once completed, you can assign a user role to each user during the application assignment.


You might see a warning message under Provisioning. Please ignore as this is related to the custom roles configured under the app and not under the User Attribute editor. The missing mapping is not required in this constellation.


Reporting a problem

Prior to reporting a problem, kindly verify ALL the settings mentioned above. If the issue persists, please contact our support team for assistance.


โ€‹

Did this answer your question?