New LucidLink Single Sign-On (SSO) SAML 2.0: Distributing the SSO key

Target audience: Workspace administrators

This article is part of the New LucidLink Single Sign-On (SSO) SAML 2.0 implementation series of articles.

Overview

As part of the New LucidLink Single Sign-On (SSO) SAML 2.0 implementation setup, a specialized file, known as an SSO key, is generated. The SSO key workflow serves as an additional layer of security, providing a Zero-Knowledge guarantee and ensuring that LucidLink has no access to the data stored in your Filespace.

Because of this Zero-Knowledge security model, single sign-on (SSO) authentication requires distributing the SSO key file to all domain members authenticating through your identity provider. They must upload the key on each device or browser during their login.

SSO Key Distribution

The SSO Key can be downloaded from the SSO Integration page for the Workspace.

The SSO Key must be loaded into the LucidLink application upon login if the user email is part of a verified domain in a workspace that requires SSO authentication.

However, the LucidLink desktop application loads the SSO Key file automatically if it is located in the current user's ~/.lucid-keys directory.

An example of the location on Windows would be the following:

C:\Users\john_smith\.lucid-keys

And on macOS:

/Users/john_smith/.lucid-keys

The SSO key can be distributed in the following ways:

  • Your corporate MDM solution;*
  • Hosted on a file share only accessible to your filespace users;
  • Hosted within your corporate intranet service;
  • Securely transmitted or sent to each user.

*Most mobile device management (MDM) suites provide a facility to distribute files securely to managed devices and endpoints. Additionally, Active Directory Group Policy provides a capability compatible with our implementation.
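One way an MDM-run script could place the key on macOS, as an added example that is not LucidLink's own tooling: it verifies the downloaded key against a SHA-256 digest the administrator recorded, then installs it into ~/.lucid-keys with owner-only access. The function names, the digest check, the 0700/0600 permissions and keeping the downloaded file name are assumptions, not requirements stated in this article.

```shell
#!/bin/sh
# Added example (not LucidLink code). Assumed: names, digest check, permissions.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE (Linux or macOS tools).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# install_sso_key SRC EXPECTED_SHA256 [HOME_DIR]
# Returns 0 on success, 1 on bad input, 2 on digest mismatch, 3 on an unsafe
# or unwritable target directory.
install_sso_key() {
    src=$1; expected=$2; home=${3:-$HOME}
    dest_dir="$home/.lucid-keys"

    [ -f "$src" ] && [ -n "$expected" ] || return 1

    # Refuse a key that differs from the one downloaded from the Workspace.
    actual=$(sha256_of "$src") || return 1
    [ "$actual" = "$expected" ] || return 2

    # Do not write through a symlink planted in place of the key directory.
    if [ -L "$dest_dir" ]; then return 3; fi

    # Create the directory readable by its owner only.
    ( umask 077; mkdir -p "$dest_dir" ) || return 3
    chmod 700 "$dest_dir" || return 3

    # Copy to a temporary file in the same directory, then rename, so a
    # partially written key is never left under the final name.
    tmp=$(mktemp "$dest_dir/.key.XXXXXX") || return 3
    if cp "$src" "$tmp" && chmod 600 "$tmp" &&
       mv -f "$tmp" "$dest_dir/$(basename "$src")"; then
        return 0
    fi
    rm -f "$tmp"
    return 3
}

# Usage (placeholders): install_sso_key /path/to/<sso-key-file> <expected-sha256>
```

Run it in the context of the logged-in user so that ~ resolves to that user's home directory and the key file is owned by them.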
