Overview
We recently introduced significant improvements to domain management, allowing organizations to use the same verified email domain across multiple workspaces while maintaining SSO configurations for each workspace.
What’s new:
- Use the same organizational email domain across multiple workspaces
- Maintain security isolation between workspaces while sharing domain verification
Administrator Setup
Domain Statuses
- Unverified domain: Domain verification has not been initiated
- Pending verification: DNS propagation in progress (up to 72 hours)
- Verified: Domain successfully verified and ready for SSO
- Domain key is required for verification: Domain is verified in another workspace and requires importing a domain key.
Managing Multiple Workspaces
If your domain is already verified in an existing workspace, follow these steps to add it to a new one:
- Navigate to Workspace Settings > Domain management.
- Enter your organizational email domain.
- You will need to validate the domain by adding a TXT record.
- If the domain is already verified in another workspace, its status will show as "Domain key is required for verification". To proceed, you must upload the SSO domain key from the other workspace.
If you are not the owner of the workspace where the email domain is verified, please open a support ticket to obtain the other workspace owner's contact details so that you can request the domain key from them.
If the domain you are using has already been verified and configured for Single Sign-On (SSO) in another workspace, the new workspace will automatically inherit those SSO configurations for the domain.
These configurations are applied at the domain level.
The Transition to Domain Keys
We are replacing the existing SSO keys with a new, domain-specific key.
Impact and Usage
- Existing Setups: All current SSO configurations using the old SSO keys will remain compatible with the new domain key.
- Future Setups: New SSO configurations will require the use of the domain key.
Administrator Experience
Administrators retain the ability to save the domain key in the .lucid-key directory.
The domain key serves a purpose similar to the SSO key. The crucial difference is scope: the SSO key granted access to the workspace itself, whereas the domain key is associated with the domain. Essentially, the SSO key allows all internal members to access the workspace, while the domain key applies to everyone who is part of the domain.
End-User Experience
The login workflow remains largely unchanged, with one minor distinction based on your setup:
- Single Workspace: Users log in via SSO, using the domain key.
- Multiple Workspaces: Users will be prompted to enter the Workspace Name associated with the domain, before being prompted for the domain key.
To ensure this feature functions correctly, please verify that all users are running the latest version of the LucidLink client. For instructions on how to update, please refer to our guide on Updating the LucidLink Client.