Target audience: Workspace administrators
This article is part of the New LucidLink Single Sign-On (SSO) SAML 2.0 implementation series of articles.
Requirements
- Organization email domain configured and verified in the LucidLink Application or Webportal for your Workspace. Please use this article for the domain setup.
- Admin Access to create the app in your Identity Provider's Admin Console.
Client-Initiated Login Only: Always start the login from within the LucidLink client application itself. The application opens your browser to authenticate with the IdP and automatically redirects you back to the application upon completion.
IdP-Initiated Login Unsupported: IdP tile workflows are not supported. Disable the application icon or tile in your IdP admin console to avoid user confusion.
Setup instructions
1. Start the integration within the LucidLink Application or Webportal
From the LucidLink Application or Webportal, click on the 3-dot menu next to the Workspace name and click on SSO Integration. Then click on the Set Up SSO button.
Obtain the values from the following 2 fields from the SSO configuration page to put into your IdP Admin Console in the next step:
- Service Provider Consumer URL
- Service Provider entity ID
2. Create a LucidLink app within your IdP Admin Console
Every Identity Provider's console is different and will label and order things differently.
However, in general, you will need the 2 fields from the LucidLink Application from the previous step.
- Service Provider Consumer URL
- Service Provider entity ID
You will need the following details from the IdP Admin Console to complete the setup inside LucidLink.
- Single Sign-On URL
- Identity Provider entity ID
- Identity Provider certificate file
LucidLink supports Attribute Statements in the IdP application.
The most commonly used attribute is "email", which maps to a similar IdP attribute such as email address, user.email, etc.
3. Finish the integration within LucidLink
Enter the 2 fields from the IdP Admin Console into LucidLink:
- Single Sign-On URL
- Identity Provider entity ID (Issuer URL from the last step in Okta)
Then, upload the Identity provider certificate and click Save.
You will need to select your authentication setting and then download the SSO Key to distribute to any users needing to authenticate to your Workspace via SSO.
Make sure that you download your SSO Key and test the integration before you change the authentication settings.