How to Set Up Single Sign-On (SSO) in Microsoft Entra ID

Here are the steps for configuring SSO settings in the Microsoft Entra ID admin console.

Written by LegalOn Support Team

This document has been generated with machine translation.


*For instructions on how to set up SSO on the LegalOn side, please refer to [Set up SSO].

Prerequisites

Requirements on the LegalOn side

  • You have subscribed to the SSO (Single Sign-On) option

  • Permissions required for configuration: IT Administrator

Requirements on the Microsoft Entra ID side

  • You have a Microsoft Entra ID subscription

  • Enterprise applications are being used with Microsoft Entra ID

  • The email address registered in Microsoft Entra ID matches the email address registered in LegalOn

*If you wish to subscribe to the SSO option, please contact your sales representative.

Important Notes

  • Currently, SAML authentication only supports SP-Initiated SSO (a method where the Service Provider begins SAML authentication), so you must log in from the LegalOn login screen each time. Please note that the IdP-Initiated SSO authentication process will result in an error and authentication will not be completed.

  • If you enable SSO while the settings are incorrect, you will be unable to log in once you close your browser or log out. After enabling SSO, keep the SSO settings screen open and test whether you can log in successfully by following the "Test SSO Login" procedure in a different browser or in an incognito window of the same browser.

Configuring SSO settings in the Entra ID Admin Console

Configuring [Basic SAML Configuration]

1. Click [Enterprise Applications] → [+ New Application]

2. Under [Create Custom Application], enter (or select) the following items, then click [Create]

  • Field: What is the name of your app?

    • Input: Enter {any application name}. Example: LegalOn

  • Field: What actions do you want to perform in the application?

    • Input: Select [Integrate other applications not found in the Gallery (outside the Gallery)]

3. Click [Single Sign-On], then select [SAML] from [Select Single Sign-On Method]

4. Select [Basic SAML Configuration], click [Save], and configure the following

  • Identifier (Entity ID)

    • Paste the value from LegalOn’s [SSO settings screen] → [Identity provider information] → [Entity ID(Identifier)]

  • Response URL (Assertion Consumer Service URL)

    • Paste the value from LegalOn’s [SSO settings screen] → [Identity provider information] → [Endpoint URL]

After entering the values, please click [Save].

[Attributes and Claims] Settings

For LegalOn's SAML authentication, we expect to receive the Email address value from Entra ID as the Name ID. Please refer to the following for configuration instructions.

1. Click [Attributes and Claims] → [Save]

2. Click [Unique User ID (Name ID)] and enter (or change) the following items

  • Field: Name Identifier Format

    • Change in input value: Email address

  • Field: Source Attribute

    • Change in input value: user.mail

After entering the value, please click [Save].
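
To confirm that the [Unique User ID (Name ID)] settings above took effect, you can inspect the NameID in a SAML response captured during a test login. The following is an added example, not LegalOn or Microsoft code; it assumes you have the Base64 `SAMLResponse` form value from your own test login, and the function names and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"


def check_name_id(saml_response_b64, email_domain):
    """Return a list of problems found in the NameID of a Base64 SAMLResponse.

    Configuration check only: it does not verify the XML signature.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    name_id = root.find("./saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None:
        return ["no NameID found in the assertion"]
    problems = []
    fmt = name_id.get("Format")
    if fmt != EMAIL_FORMAT:
        problems.append(f"NameID Format is {fmt!r}, expected {EMAIL_FORMAT!r}")
    value = (name_id.text or "").strip()
    local, at, domain = value.rpartition("@")
    if not value:
        problems.append("NameID is empty")
    elif not (local and at and domain):
        problems.append(f"NameID {value!r} is not an email address")
    elif domain.lower() != email_domain.lower():
        problems.append(f"NameID domain {domain!r} is not {email_domain!r}")
    return problems


def sample_response(name_id_format, name_id_value):
    """Build a constructed, unsigned SAMLResponse (not real Entra ID output)."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:Assertion><saml:Subject>"
        f'<saml:NameID Format="{name_id_format}">{name_id_value}</saml:NameID>'
        "</saml:Subject></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    # Constructed case: NameID left in the "unspecified" format with a non-email value.
    bad = sample_response(
        "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "taro.yamada")
    for problem in check_name_id(bad, "example.com"):
        print("PROBLEM:", problem)
```

An empty list means the NameID uses the email address format and its domain matches the value you plan to enter in the [Email domain] field.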

Values retrieved from Microsoft Entra ID and the corresponding LegalOn configuration items

  • [Set up {Enterprise Application Name}] → [Login URL]

    • Copy and paste into [Identity provider endpoint URL (HTTP redirect)] on the LegalOn SSO settings screen

  • Entra ID [SAML Certificate] → [Certificate (Base64)]

    • Click [Download] and paste it into the [SAML signing certificate (X.509 public key certificate issued by the identity provider)] field on the LegalOn SSO settings screen

    • Copy and paste the entire string from [-----BEGIN CERTIFICATE-----] to [-----END CERTIFICATE-----], including those two lines

  • Email domain enabled for SAML authentication

    • Enter this in the [Email domain] field on the LegalOn SSO settings screen

Troubleshooting

If the following error screen is displayed during login:

① Assign [user.userprincipalname] to the source attribute for [emailaddress]

Click [Attributes and Claims] → [Add New Claim], and configure the following fields and values (*).

(*) If there is an item with the value [user.mail] under [Attributes and Claims] → [Add Claims]:

Click the claim name [user.mail] and enter the email address to be used for SSO login.

② Restart the tab or browser, open "https://app.legalon-cloud.com/", and attempt SSO login again

If the issue persists, please contact the support team via "Get Support - How to Contact Us."

This completes the Entra ID configuration.

Once the configuration is complete, please proceed with the SSO settings on the LegalOn side.

For instructions on SSO settings on the LegalOn side, please refer to "Set up SSO."