This document has been generated with machine translation.
This document describes the steps for configuring SSO settings in the Microsoft Entra ID management console.
*For LegalOn's SSO settings, refer to [Set up SSO].
Usage Cases
*Please contact your company's IT administrator regarding your Options subscription status.
*If you wish to apply for Options, please inform your sales representative.
Important Notes
Currently, SAML authentication only supports SP-Initiated SSO (where the Service Provider begins SAML authentication). This requires logging in from the LegalOn login screen each time. Please note that the authentication process will fail with an error if IdP-Initiated SSO is used.
If SSO is enabled in the Status with incorrect settings, you will not be able to log in again after closing the browser or logging out. After enabling SSO, keep the SSO settings screen open and test whether login succeeds by following the "Test Login with SSO" procedure in another browser or in the same browser's incognito mode.
Configuring SSO settings in the Entra ID admin console
Basic SAML Configuration Settings
1. Go to [Enterprise Applications] → [Single Sign-On]
2. Select [SAML] from [Select Single Sign-On Method]
3. Select [Basic SAML Configuration], click [Save], and configure the following:
Identifier (Entity ID(Identifier))
Paste the value from LegalOn's [SSO settings screen] → [Identity provider information (IdP)] → [Entity ID(Identifier)]
Response URL (Assertion Consumer Service URL)
Paste the value from LegalOn's [SSO settings screen] → [Identity provider information (IdP)] → [Endpoint URL]
After entering the values, please click [Save].
[Attributes and Claims] Settings
LegalOn's SAML authentication expects to receive the email address value from Entra ID as the Name ID. Refer to the following for configuration instructions.
Click [Save] under [Attributes and Claims]
Click [Unique User ID (Name ID)] and enter (or change) the following items
Item | Value to enter |
Name ID Format | Email Address |
Source Attribute | user.mail |
After entering the value, please click [Save].
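One way to check a SAMLResponse captured from the test login against the settings above (an added example, not LegalOn's or Microsoft's code). The URLs, email domain and sample response are constructed placeholders, and the signature is not verified, so this is a diagnostic aid only.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"


def check_saml_response(b64_response, entity_id, acs_url, email_domain):
    """Return a list of findings; an empty list means the checked fields match.

    Diagnostic only: the signature is NOT verified, so never use this
    to make an authentication decision.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    findings = []
    # SP-initiated responses answer an AuthnRequest and carry InResponseTo.
    if not root.get("InResponseTo"):
        findings.append("no InResponseTo: looks like IdP-initiated SSO")
    if root.get("Destination") != acs_url:
        findings.append("Destination does not match the Endpoint URL")
    audience = root.findtext(".//a:Audience", default="", namespaces=NS)
    if audience != entity_id:
        findings.append("Audience does not match the Entity ID")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None:
        findings.append("assertion has no NameID")
        return findings
    if name_id.get("Format") != EMAIL_FORMAT:
        findings.append("NameID Format is not emailAddress")
    value = (name_id.text or "").strip()
    local, _, domain = value.rpartition("@")
    if not local or domain.lower() != email_domain.lower():
        findings.append("NameID is not an address in the SSO email domain")
    return findings


def build_sample(name_id, fmt=EMAIL_FORMAT, in_response_to="_req1"):
    """Constructed sample response (placeholder URLs, not LegalOn's values)."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    xml = (f'<samlp:Response xmlns:samlp="{NS["p"]}" xmlns:saml="{NS["a"]}"'
           f' Destination="https://sp.example.test/acs"{irt}>'
           f'<saml:Assertion><saml:Subject><saml:NameID Format="{fmt}">'
           f'{name_id}</saml:NameID></saml:Subject><saml:Conditions>'
           f'<saml:AudienceRestriction><saml:Audience>https://sp.example.test/entity'
           f'</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
           f'</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()
```

Pass the base64 `SAMLResponse` form value posted by the browser during the test login, together with the Entity ID, Endpoint URL and email domain shown on your own settings screens.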
Values obtained from Microsoft Entra ID | LegalOn configuration items |
[Setup for {Enterprise Application Name}] → [Login URL] | Copy and paste into the [Identity provider endpoint URL (HTTP redirect)] field on the LegalOn SSO settings screen |
Entra ID's [SAML Certificate] → [Certificate (Base64)] | Click [Download], then paste it into the [SAML signing certificate (X.509 public key certificate issued by the identity provider)] field on the LegalOn SSO settings screen |
Email domain enabled for SAML authentication | Enter it in the [Email domain] field of the LegalOn SSO settings screen. |
Troubleshooting
If the following error screen is displayed during login:
① Assign [user.userprincipalname] to the source attribute of [emailaddress]
Click [Attributes and Claims] → [Add New Claim], then configure the following items and values (*).
Name: emailaddress
Source: Attribute
Source Attribute: user.userprincipalname
(*) If there is an item with the value [user.mail] under [Attributes and Claims] → [Add Requests]:
Click the claim name [user.mail] and enter the email address to be enabled for SSO login.
② Restart the tab or browser, open "https://app.legalon-cloud.com/", and perform SSO login again.
If the issue persists, contact the support team via "Get Support - How to Contact Us".
This completes the Entra ID side configuration.
After completing these settings, proceed with the SSO settings on the LegalOn side.
For instructions on configuring SSO settings on the LegalOn side, refer to "Set up SSO".