This article explains the features of the new LegalOn. For information on the current version’s product features, please refer to this page.
This section provides instructions for configuring Single sign-on (SSO) on the Okta administration page. For details on how to set up SSO on the LegalOn side, please refer to "How to set up Single sign-on (SSO)".
Requirements
Active Okta subscription
Matching email addresses registered in both Okta and LegalOn.
*Please contact your company's IT administrator to inquire about the subscription status of this feature.
*If you wise to apply for this feature, please contact your sales representative.
⚠️ Notes
LegalOn's SAML authentication currently supports only SP-Initiated SSO, where the Service Provider (LegalOn) initiates the SAML authentication. This means users must initiate login from the LegalOn login page each time. IdP-Initiated SSO will result in an error and will not complete the authentication process.
Caution: If SSO is enabled with incorrect settings, you will be unable to log in if you close your browser or log out. Always test login success using the procedure described in "Testing SSO Login" (refer to "Setting up SSO (Single Sign-On)") in a different browser or incognito mode while the SSO settings remains open.
Set up SSO on Okta's administration page
Log in to Okta with your administrator account.
Navigate to [Applications] > [Applications]. Click [Browse App Catalog].
Type "LegalOn" in the search bar and select the "LegalOn" app.
Click [Add Integration].
Copy the "Endpoint URL" from your LegalOn SSO settings (refer to "How to set up Single sign-on (SSO)") and paste it into the "Endpoint URL" field within the General settings tab in Okta. Then, click [Done].
Notes
Since LegalOn only supports SP-Initiated SSO, it is recommended to check the "Do not display application icon to users" and "Do not display application icon in the Okta Mobile app" checkboxes.
Click the [Assignments] tab, then [Assign], and assign the users who will be subject to SSO.
Open the [Sign On] tab and click [Edit] under [Settings].
Under "Credentials Details," change the "Application username format" to "Email" and click [Done].
Okta configuration items | logical input value |
Application username format |
9. Click [More details] on the [Sign On] tab.
10. Obtain the [Sign on URL] and [Signing Certificate] from this page. You will use these for the LegalOn SSO settings.
Value from Okta | LegalOn items |
Sign on URL
| Copy and paste into [ID Provider Endpoint URL (HTTP-Redirect)] on the LegalOn SSO Settings page |
Signing Certificate | Method 1: Click [Download] and paste into [Certificate for public key used by ID provider for signing (X.509 Certificate)] on the LegalOn SSO Settings page. Copy and paste all strings including "----BEGINCERTIFICATE----- and -----END CERTIFICATE-----".
Method 2: Click [Copy] and paste the following formatted data into the "Certificate of the public key used by the ID provider for signing (X.509 certificate)" on the LegalOn SSO settings page. -----BEGIN CERTIFICATE----- |
* The following SAML attributes are supported:
Name | Value |
Name | user.email |
This completes the Okta setup. Once this configuration is complete, proceed to configure SSO settings on the LegalOn side. For more details, please refer to "How to set up Single sign-on (SSO)".