This document has been generated with machine translation.

This section describes the procedure for setting up SSO on the Microsoft Entra ID management screen.

*For information on how to configure SSO settings on LegalOn, refer to "Set up SSO (single sign-on)".

Terms of Use

Users of tenants that have contracted the SSO (single sign-on) option
Permissions that can be set: IT Administrator
Settings on Microsoft Entra ID / Terms of use for SSO settings:
- Users who have a Microsoft Entra ID contract
- Using enterprise applications with Microsoft Entra ID
- The email address registered with Microsoft Entra ID matches the email address registered with LegalOn

*Please contact your IT administrator for the status of your option contract.

*If you would like to apply for options, please contact your sales representative.

Important

SAML authentication currently only supports SP-Initiated SSO (a method in which the service provider initiates SAML authentication), and you will need to log in from the LegalOn login screen each time. Please note that the authentication process will result in an error and will not be completed with IdP-Initiated SSO.
If you enable SSO with incorrect settings, you will not be able to log in if you close your browser or log out. After enabling SSO, please make sure to test that you can log in by following the steps in "Test SSO login " with the SSO settings screen open in a different browser or in incognito mode in the same browser.

Configure SSO on the Entra ID management screen

1. Move to [Enterprise Applications] → [Single Sign-On].

2. Select [SAML] from [Select Single Sign-On Method].

3. Select [Basic SAML Configuration], click [Save], and configure the following settings

Identifier (Entity ID)
- Paste the value from LegalOn's SSO settings screen → Identity provider information → Entity ID.
Response URL (Assertion Consumer Service URL)
- Paste the value from LegalOn's [SSO Settings] → [Identity provider (IdP) registration information] → [Endpoint URL].

After entering the values, click [Save].

LegalOn's SAML authentication expects to receive the email address on Entra ID as the Name ID. Please refer to the following for the setting method.

1. Click [Attributes and Claims] → [Save].

2. Click [Unique User Identifier (Name ID)] and enter (change) the following items

After entering the value, click [Save].

Values obtained from Microsoft Entra ID	LegalOn settings
[Enterprise Application Name] Setup] → [Login URL	Copy and paste into "Identity provider endpoint URL (HTTP redirect)" on the LegalOn SSO settings screen.
Entra ID [SAML Certificate] → [Certificate (Base64)]	Method: Click [Download] and paste into [SAML signing certificate (X.509 public key certificate issued by the identity provider)] on the LegalOn SSO settings screen. Copy and paste all characters from "-----BEGIN CERTIFICATE-----" to "----END CERTIFICATE-----" in .
Email domain enabled for SAML authentication	Enter in the "Email domain" field of the LegalOn SSO settings screen.

Troubleshooting

If the following error screen appears when logging in:

① Assign [user.userprincipalname] to the source attribute of [emailaddress]

Click [Attributes and Claims] → [Add New Claim] and set the following items and values (*).

(*) If there is an item with the value "user.mail" in [Attributes and Claims] → [Add Request]:

Click the claim name [user.mail] and enter the email address you want to use for SSO login.

(2) Restart the tab or browser, open " https://app.legalon-cloud.com/," and log in to SSO again.

If the problem persists, please contact our support team via " Get Support - How to Contact Us."

This completes the settings on the Entra ID side.

Once the settings are complete, configure the SSO settings on the LegalOn side.

For instructions on how to configure SSO settings on LegalOn, please refer to "Set up SSO (single sign-on)".