Skip to main content

How to Set Up SSO (Single Sign-On) in Okta

Written by LegalOnサポートチーム
Updated over a week ago

This document has been generated with machine translation.


Check the Modules Enabled / User types

The following describes the steps for configuring SSO settings in the Okta admin console.

*For instructions on setting up SSO on the LegalOn side, please refer to "Set up SSO (Single Sign-On)."

Usage Requirements

  • Users in a tenant that has subscribed to the SSO (Single Sign-On) option

  • Permissions required: IT Admin role

  • Have an Okta subscription

  • The email address registered with Okta matches the email address registered with LegalOn

*Please contact your company’s IT Administrator regarding the status of your subscription for the Options.

*If you wish to subscribe to one of the Options, please contact your sales representative.

Important Notes

  • Currently, SAML authentication supports only SP-Initiated SSO (a method where the Service Provider begins SAML authentication), so you must log in from the LegalOn login screen each time. Please note that the IdP-Initiated SSO authentication process will result in an error and authentication will not be completed.

  • If you enable SSO while the settings are incorrect, you will be unable to log in if you close your browser or Logout. After enabling SSO, please ensure you test whether login is successful by following the " Test SSO Login " procedure in a different browser or in incognito mode of the same browser, while keeping the SSO settings screen open.

SSO settings in the Okta Admin Console

1. Log in to Okta with an Administrator account

2. Click [Applications] → [Applications] → [Browse App Catalog]

3. Enter "LegalOn" in the search bar and click the [LegalOn (Japan)] app

4. Click [+ Add Integration]

5. On the [General Settings] tab, copy and paste the [Endpoint URL] from LegalOn’s SSO settings into the [Endpoint URL] field, then click [Done]

Important Note

LegalOn supports only SP-initiated SSO (a method where the Service Provider begins SAML authentication).

Therefore, we recommend checking the boxes for [Do not display the application icon to Users] and [Do not display the application icon in the Okta mobile app].

6. Click the [Assignments] tab, then [Assignments], and assign the Users you want to include in SSO

7. Open the [Sign-on] tab and click [Edit] under the [Settings] section

8. Under [Credential Details], change [Application User name Format] to [Email address] and click [Save]

Okta Settings

Input Value

Application User name Format

Email address

9. Click [Details] on the [Sign-On] tab

10. Obtain the [Sign-on URL] and [Signing Certificate] required for LegalOn's SSO settings, and copy and paste them into the corresponding fields in LegalOn's SSO settings

Values to obtain from Okta

LegalOn configuration fields

Sign-on URL

Copy and paste into the [Identity provider endpoint URL (HTTP redirect)] field on the LegalOn SSO settings screen

Signing Certificate

Method 1: Click [Download], then paste into the [SAML signing certificate (X.509 public key certificate issued by the identity provider)] field on the LegalOn SSO settings screen

* Please copy and paste all the strings, including "----BEGINCERTIFICATE----- 
" and "-----END CERTIFICATE-----" 
, to 
.

Method 2: Click [Copy], then paste the formatted data into the "SAML signing certificate (X.509 public key certificate issued by the identity provider)" field on the LegalOn SSO settings screen

-----BEGIN CERTIFICATE----- 
(Data from the Copy of the "Signing Certificate" 
) 
-----END CERTIFICATE-----

Note

The following SAML attributes are supported.

  • Name: email

  • Value: user.email

This completes the Okta configuration.

Once the configuration is complete, please configure SSO settings on the LegalOn side.

For instructions on how to set up SSO on the LegalOn side, please refer to "Set up SSO (Single Sign-On)."

Did this answer your question?