In this article:
Features
The following provisioning features are supported:
Push Role changes from OKTA profiles to LawVu
Requirements
You will require a LawVu account and be in contact with our implementation team.
It is also a prerequisite to have a fully configured LawVu application with SCIM support within your OKTA instance to use role provisioning.
Please complete all steps following this guide before proceeding with role provisioning: https://help.lawvu.com/en/articles/4475570-okta-scim-saml-sso-configuration-guide
Limitations
PLEASE READ: Restrictions after implementation
This is an optional configuration to provision roles, which means it's not necessary if your legal team prefers to configure roles within the LawVu platform.
However, if you choose to use SCIM role provisioning, please note that it will disable the ability to change and assign roles within the LawVu platform. The legal team member with administrative access typically handles this task manually in LawVu.
Before proceeding, it's essential to liaise with your legal team and clarify how roles should be assigned in LawVu.
Utilizing Teams in conjunction with role provisioning.
Please be aware that Team and Role provisioning cannot be utilized if members of the same team have different roles within the same group. Both Azure and Okta are designed to pass through only a single role at the group level. Therefore, assigning different roles to individual users would conflict with the overarching role established for that group.
Configuring four groups for each of the four roles in LawVu will be effective, as roles will be assigned at the group level.
Configure Role Provisioning
Use the below steps if you wish to configure role provisioning for the LawVu application automatically.
Select your LawVu App under the Profile Editor list
Click Add Attribute in the Attributes section to add the User Roles mapping.
Fill out the form so that it reflects the below settings.
Variable Name: lawuroles (can be anything)
External Name: roles.^[primary==true].value
External Namespace: urn:ietf:params:scim:schemas:core:2.0:User
Attribute Required: YES
Scope: Group
IMPORTANT: The values chosen under "VALUE" (red box) section must be provided to your LawVu implementation team to create the mapping between LawVu's role and the values configured. The value on your side must be manually matched to the corresponding value on the LawVu site by a LawVu technician.
The below four LawVu roles are available for mapping:
Administrator
In House Legal
Contributor
Standard User
For example, if you choose to name one of the roles "LawVuAdministrator" in your setup, you must let us know that you want this value mapped to the available role of "Administrator" in LawVu. The same procedure applies to the remaining roles for In House Legal, Contributor and Standard User.
If you're using our SSO self-service portal, then you can paste those roles into the LawVu configuration yourself.
3. Once completed, you can assign a user role to each user during the application assignment.
You might see a warning message under Provisioning. Please ignore as this is related to the custom roles configured under the app and not under the User Attribute editor. The missing mapping is not required in this constellation.
Reporting a problem
Prior to reporting a problem, kindly verify ALL the settings mentioned above. If the issue persists, please contact our support team for assistance.
β