Target audience: Workspace administrators

This article is part of the New LucidLink Single Sign-On (SSO) SAML 2.0 implementation series of articles.

Requirements:

• An SSO Key from the Workspace owner.
• Either the LucidLink desktop app, Mobile app, or Webportal
• An email address from your organization's email domain that has been verified.

Overview

This guide will outline the steps needed to authenticate with SSO using all of the LucidLink options.

As part of the New LucidLink Single Sign-On (SSO) SAML 2.0 implementation setup, a specialized file, known as an SSO key, is generated. The SSO key workflow serves as an additional layer of security, providing a Zero-Knowledge guarantee and ensuring that LucidLink has no access to the data stored in your filespace.

Because of this Zero-Knowledge security model, single sign-on (SSO) authentication requires distributing the SSO key file to all workspace members authenticating through your identity provider. They must upload the key on each device or browser during their login.

Login instructions

Desktop computers

1. From within the LucidLink desktop application or the Webportal, enter your SSO Email into the Login screen and click Continue:

2. Choose Login with SSO.

3. You will be redirected to your browser window, where you can log in to your identity provider.
If you are already logged in, your session will be automatically detected, and you will not need to re-enter your SSO identity provider user credentials again.

4. You will be prompted to provide an SSO key. Navigate to the location where you have stored your SSO key by pressing "Browse file". 

5. If the SSO key has been successfully imported, the LucidLink desktop application will show the message "Success". You can then click "Continue".

6. Once your security credentials have been validated by your SSO identity provider, you will be connected to the workspace and see any filespaces you have been given access to.

The SSO Key must be loaded into the LucidLink application upon login if the user email is part of a verified domain in a workspace that requires SSO authentication.
However, the LucidLink desktop application does load the SSO Key file automatically if it is located in the current user's ~/.lucid-keys directory.

Android devices

1. Log in by typing your SSO associated email address and tapping on "Login with SSO":

2. Confirm your identity on your IdP's web page:

3. Select the SSO key that was shared by your workspace administrator and tap on "Continue":

Optional step: If you had an existing LucidLink account, you will be required to merge your accounts. You can simply do this by typing the password of your LucidLink account and then tapping on "Merge account":

iOS devices

1. Log in by typing your SSO associated email address and tapping on "Login with SSO":

2. On the next screen, select "Continue", then confirm your identity on your IdP's web page:

3. Select the SSO key that was shared by your workspace administrator and tap on "Continue":

Optional step: If you had an existing LucidLink account, you will be required to merge your accounts. You can simply do this by typing the password of your LucidLink account and then tapping on "Merge account":