In this article:
Requirements
It is assumed at this stage that our AzureAD SCIM guide has been followed and the LawVu gallery app is fully configured. Additionally, you will require an administrative account for your AzureAD tenant.
Important Notes
Please note that Microsoft recommends using your Office365 login, which is the UPN, as the login to cloud applications. But it might be required, in specific configurations, to change the synced login from the user's UserPrincipalName to the user's primary email address.
Attribute Configuration
Select your LawVu enterprise app and go to Provisioning.
Click on "Edit attribute mappings"
Click on "Provision Azure AD Users"
Click on "UserPrincipalName"
Change the 'Source Attribute from UPN to mail.
The final result should look like the below screenshot under your attribute mappings. The below setting shows that the "mail" has been mapped to become the "username" in LawVu.
IMPORTANT: Verify your SAML Claims
Please ensure that the "user.email" claim is set to the mandatory "nameID" claim.
If the "user.mail" claim is missing, the login will fail.
By modifying the below claims you are ensuring that the recently changed username attribute is also present in the SAML request during login.
Click on EDIT under "Attributes and Claims"
Delete all claims under the "Additional claims" window.
Click on the (Name ID) claim to edit it.
Change the source attribute to the recently configured "user.mail" attribute.
The final configuration should look like the below screenshot.
If SCIM has been utilised to sync users, then the only required claim during login is the mandatory (NAME ID), which is now set to the user's email address.
Reporting a problem
Before you report a problem, can you please check ALL of the above settings? If the issue persists, then please get in touch with our support team.