All Collections
Single Sign-on
OKTA SCIM (SSO) User Role Provisioning Configuration Guide
OKTA SCIM (SSO) User Role Provisioning Configuration Guide
Martin Walzak avatar
Written by Martin Walzak
Updated over a week ago

In this article:


The following provisioning features are supported:

Push Role changes from OKTA profiles to LawVu


You will require a LawVu account and be in contact with our implementation team.

It is also a prerequisite to have a fully configured LawVu application with SCIM support within your OKTA instance to use role provisioning.

Please complete all steps following this guide before proceeding with role provisioning:

Important Notice

This is an optional configuration to provision roles. It is not required to complete this guide if your legal team prefers to configure roles within the LawVu platform.

Please also note that configuring SCIM role provisioning will disable the ability to change and assign roles within the LawVu platform. The legal team member with administrative access usually does this task manually in LawVu.

Using SCIM role provisioning will require an IT member with admin access to OKTA to change the role within your OKTA user management.

Please liaise with your legal team and clarify how roles should be assigned in LawVu before configuring the next step.

Configure Role Provisioning

Use the below steps if you wish to configure role provisioning for the LawVu application automatically.

  1. Select your LawVu App under the Profile Editor list

  2. Click Add Attribute in the Attributes section to add the User Roles mapping.

  3. Fill out the form so that it reflects the below settings.

    IMPORTANT: The values chosen under "Attribute Members" (red box) section must be provided to your LawVu implementation team to create the mapping between LawVu's role and the below values configured. The mapping is a 1:1 manual mapping between the chosen values and the LawVu roles.

    Variable Name: lawuroles (can be anything)

    External Name: roles.^[primary==true].value

    External Namespace: urn:ietf:params:scim:schemas:core:2.0:User

  4. Once completed, you can assign a user role to each user during the application assignment.

You might see a warning message under Provisioning. Please ignore as this is related to the custom roles configured under the app and not under the User Attribute editor. The missing mapping is not required in this constellation.

Reporting a problem

Prior to reporting a problem, kindly verify ALL the settings mentioned above. If the issue persists, please contact our support team for assistance.

Did this answer your question?