Info
LAWLIFT uses asymmetric encryption to assure that all data that reaches our servers is encrypted. To enable users to decrypt data that is received from our servers we rely on a mechanism that requires an email and password combination from the user login. As SSO users do not have a dedicated LAWLIFT password, we must adjust the encryption mechanisms. To do this we use Microsoft Azure Key Vault.
Please note:
Users who were initially created as “native” users with an email and password combination will be converted to “SSO only” users. This requires re-activation by an admin from your account.
To enable Microsoft Azure Key Vault to handle the key management for your users, follow these steps:
Create a Key Vault:
Define the subscription and resource group, as well as the name, your preferred region, and the pricing tier.
Access Configuration:
It is important to define an access policy as the permission model in your setup. You can then add an access policy below, to do so click on “create”.
For each access policy, you need to define “secret permissions”. In our case, allow “Get”, “List”, and “Set”. To complete this step, assign the permissions to your LAWLIFT app registration in the “Application” tab.
There are no further specific requirements for the Key Vault creation to use it with LAWLIFT. You can define all other settings according to your needs or policies. Now, you only need to make sure that you allow the users from your Azure EntraID tenant to access the Key Vault. Microsoft allows this by default.
Key Vault URL:
After you successfully create an Azure Key Vault, please provide the Key Vault URL to LAWLIFT. To do this, you can contact our support at support@lawlift.com.
