
[New] How to set up Single sign-on (SSO) with Microsoft Entra ID

Updated over 2 weeks ago

This article explains the features of the new LegalOn. For information on the current version’s product features, please refer to this page.

This section outlines the steps to set up SSO within the Microsoft Entra ID administration portal. For instructions on setting up SSO within LegalOn, please refer to "How to set up Single sign-on (SSO)".

Requirements


  • Active use of Enterprise Applications in Microsoft Entra ID

  • Matching email addresses registered in both Microsoft Entra ID and LegalOn.

*Please contact your company's IT administrator to inquire about the subscription status of this feature.

*If you wish to apply for this feature, please contact your sales representative.


⚠️ Notes

  • LegalOn's SAML authentication currently supports only SP-Initiated SSO, where the Service Provider (LegalOn) initiates the SAML authentication. This means users must initiate login from the LegalOn login page each time. IdP-Initiated SSO will result in an error and will not complete the authentication process.

  • Caution: If SSO is enabled with incorrect settings, you will be unable to log in if you close your browser or log out. Always test login success using the procedure described in "Testing SSO Login" (refer to "Setting up SSO (Single Sign-On)") in a different browser or incognito mode while the SSO settings remain open.

Set up SSO in Microsoft Entra ID

1. Basic SAML Setup

  1. Navigate to [Enterprise applications] > [Single sign-on].

  2. From [Select a single sign-on method], choose [SAML].

  3. Select [Basic SAML Configuration] and click [Edit]. Adjust the following settings in the system:

    • Identifier (Entity ID): Paste the value from LegalOn's [SSO Settings page] > [Registration information for Identity Provider (IdP)] > [Entity ID].

    • Reply URL (Assertion Consumer Service URL): Paste the value from LegalOn's [SSO Settings page] > [Registration information for Identity Provider (IdP)] > [Endpoint URL].

    After entering the values, click [Save].


2. "Attributes & Claims" Setup

LegalOn's SAML authentication expects the email address value from Entra ID to be received as the Name ID. Follow these steps:

  1. Click [Attributes & Claims] > [Edit].

  2. Click [Unique User Identifier (Name ID)] and enter (or change) the following fields:

    | Field | New Value |
    | --- | --- |
    | Name identifier format | Email address |
    | Source attribute | user.mail |

  3. After entering the values, click [Save].

| Value from Microsoft Entra ID | LegalOn setting item |
| --- | --- |
| [{Enterprise application name} Setup] > [Login URL] | Copy and paste into [ID Provider Endpoint URL (HTTP-Redirect)] on LegalOn's SSO settings screen. |
| Entra ID [SAML Certificates] > [Certificate (Base64)] | Method: Click [Download] and paste the content into [Certificate for the public key used by the ID provider for signing (X.509 Certificate)] on LegalOn's SSO settings page. Copy and paste the entire string, including "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----". |
| Email domain used for SAML authentication | Enter into [Email domain] on LegalOn's SSO settings screen. |

Troubleshooting

If you encounter an error page during login:

  1. Assign user.userprincipalname to the emailaddress source attribute:
    Click [Attributes & Claims] > [Add new claim] and set the following items and values (*):

    • Name: emailaddress

    • Namespace: http://schemas.xmlsoap.org/ws/2005/05/identity/claims

    • Source: Attribute

    • Source attribute: user.userprincipalname

    (*) If "Additional claims" in "Attributes & Claims" already contains an item with the value user.mail: Click on the claim name with the value user.mail and enter the email address used for SSO login.

  2. Restart the tab or browser, open https://app.legalontech.com/, and attempt SSO login again.

If the issue persists, please contact our support team.

This completes the setup on the Microsoft Entra ID side. Once this setup is finished, proceed to set up SSO on the LegalOn side.

Please refer to "How to set up Single sign-on (SSO)" for instructions on setting up SSO within LegalOn.
