
How to Set Up Single Sign-On (SSO) in Microsoft Entra ID

Written by LegalOn Support Team
Updated this week

This document has been generated with machine translation.


This document describes the steps for configuring SSO settings in the Microsoft Entra ID management console.

*For LegalOn's SSO settings, refer to [Set up SSO (Single Sign-On)].

Usage Conditions

  • Users in tenants subscribed to the SSO (Single Sign-On) option

  • Permissions required for configuration: IT Administrator role

  • Requirements for configuring SSO in Microsoft Entra ID:

    • Tenants subscribed to Microsoft Entra ID

    • Using enterprise applications with Microsoft Entra ID

    • The email address registered with Microsoft Entra ID matches the email address registered with LegalOn

*Please contact your company's IT Administrator regarding your subscription status for the option.

*If you wish to apply for the option, please inform your assigned sales representative.

Important Notes

  • Currently, SAML authentication only supports SP-Initiated SSO (where the Service Provider begins SAML authentication). This requires logging in from the LegalOn login screen each time. Please note that the authentication process will fail with an error if IdP-Initiated SSO is used.

  • If SSO is enabled with incorrect settings, you will be unable to log in again after closing the browser or logging out. After enabling SSO, keep the SSO settings screen open and confirm that login succeeds by following the "Test SSO Login" procedure in a separate browser or in the same browser's incognito mode.

SSO settings in the Entra ID management console

Basic SAML Configuration Settings

1. Click [Enterprise Applications] → [+ New Application]

2. Under [Create Your Own Application], enter (or select) the following items and click [Create]

| Field | Input |
| --- | --- |
| What is the name of your application? | Enter {any application name}. Example: LegalOn |
| What operation do you want to perform in the application? | Select [Integrate other applications not found in the gallery (outside the gallery)] |

3. Click [Single Sign-On], then select [SAML] from [Select Single Sign-On Method]

4. Select [Basic SAML Configuration], click [Save], and configure the following:

  • Identifier (Entity ID)

    • Paste the value from LegalOn's [SSO settings screen] → [Identity provider information] → [Entity ID(Identifier)]

  • Response URL (Assertion Consumer Service URL)

    • Paste the value from LegalOn's [SSO settings screen] → [Identity provider information] → [Endpoint URL].

After entering the values, please click [Save].

[Attributes and Claims] Settings

LegalOn's SAML authentication expects to receive the Email address value from Entra ID as the Name ID. Refer to the following for the configuration method.

1. Click [Save] under [Attributes and Claims]

2. Click [Unique User ID (Name ID)] and enter (or change) the following items

| Item | Change in Input Value |
| --- | --- |
| Name ID Format | Email address |
| Source Attribute | user.mail |

After entering the value, please click [Save].

| Values obtained from Microsoft Entra ID | LegalOn configuration items |
| --- | --- |
| [Setup for {Enterprise Application Name}] → [Login URL] | Copy and paste into the [Identity provider endpoint URL (HTTP redirect)] field on the LegalOn SSO settings screen |
| Entra ID's [SAML Certificate] → [Certificate (Base64)] | Click [Download], then paste into the [SAML signing certificate (X.509 public key certificate issued by the identity provider)] field on LegalOn's SSO settings screen. Copy and paste the entire text from `-----BEGIN CERTIFICATE-----` to `-----END CERTIFICATE-----`, including the line breaks. |
| Email domain enabled for SAML authentication | Enter it in the [Email domain] field of the LegalOn SSO settings screen. |

Troubleshooting

If the following error screen is displayed during login:

① Assign [user.userprincipalname] to the source attribute of [emailaddress]

Click [Add New Claim] under [Attributes and Claims], then configure the following item and value (*).

(*) If there is an item with the value [user.mail] under [Attributes and Claims] → [Add Requests]:

Click the claim name [user.mail] and enter the email address to be used for SSO login.

② Restart the tab or browser, open "https://app.legalon-cloud.com/", and perform SSO login again.

If the issue persists, contact the support team via " Get Support - How to Contact Us ".
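
The requirements this page states (SP-Initiated SSO only, the email address sent as the Name ID, and an address in the registered email domain) can be checked against a SAMLResponse captured from the browser's developer tools during a failed login. The following Python is an added example, not LegalOn or Microsoft code; the function names and sample values are constructed, and it assumes the captured form value is plain base64 (HTTP-POST binding) with an unencrypted assertion.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def diagnose(saml_response_b64, allowed_domain):
    """List configuration problems in a captured, base64-encoded SAMLResponse.
    Diagnostic only: the XML signature is not verified here."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    findings = []
    # An SP-initiated response answers an AuthnRequest, so InResponseTo is set.
    if not root.get("InResponseTo"):
        findings.append("no InResponseTo: response looks IdP-initiated")
    name_id = root.find("./saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        findings.append("NameID missing or empty")
        return findings
    if name_id.get("Format") != EMAIL_FORMAT:
        findings.append("NameID Format is not emailAddress")
    value = name_id.text.strip()
    local, _, domain = value.rpartition("@")
    if not local or domain.lower() != allowed_domain.lower():
        findings.append(f"NameID {value!r} is outside domain {allowed_domain}")
    return findings

def sample_response(name_id, fmt=EMAIL_FORMAT, in_response_to="_req1"):
    """Build a constructed (unsigned) response for trying out diagnose()."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" '
           f'xmlns:saml="{NS["saml"]}"{irt}><saml:Assertion><saml:Subject>'
           f'<saml:NameID Format="{fmt}">{name_id}</saml:NameID>'
           f'</saml:Subject></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    cases = {  # constructed sample values
        "correct setup": sample_response("taro@example.com"),
        "IdP-initiated": sample_response("taro@example.com", in_response_to=None),
        "UPN in another domain": sample_response("taro@corp.example.net"),
    }
    for label, resp in cases.items():
        print(label, "->", diagnose(resp, "example.com") or "OK")
```

An empty result means the response matches the Name ID settings described above; each finding points back to the [Attributes and Claims] step or to how the login was started.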

This completes the Entra ID side configuration.

After completing these settings, proceed with the SSO settings on the LegalOn side.

For instructions on SSO settings on the LegalOn side, refer to "Set up SSO".
