Setup Okta single sign-on integration

Team LucidLink

Okta integration

Upon completion of this guide you will

  • have a configuration for your LucidLink application inside your Okta account;
  • be able to assign Okta users and groups to your LucidLink application within your Okta account;
  • be able to integrate Okta with your LucidLink Filespace, and synchronize the assigned Okta users and groups to Lucid;
  • be able to log in to LucidLink Filespace using Okta identity provider.

 

Currently Lucid has the following requirements for user synchronization (no special requirements for regular user login are needed):

  • During synchronization of users, you will need a user that is an Okta administrator.

  • As a minimum, that user needs to be a Group Admin for the users that will be assigned to Lucid and an App admin for the LucidLink Application. You can find more general information on Okta Administrator roles here: Okta Administrator roles and permissions

  • Lucid uses the Okta API to perform the following operations on behalf of the logged-in admin user:

    • Read users and groups

    • Read application assignments

    • Write a custom attribute in each user that is assigned to Lucid

 

1. Log in to the Okta admin panel.

2. Go to Applications -> click “Create App Integration”. Choose "OIDC - OpenID Connect" as "Sign-in method" and select "Native Application" as an "Application type". Click "Next".

 

3. On the next screen that appears, enter “LucidLink” for the “App integration name”, select "Refresh Token" in the "Grant type" section, and add the following "Sign-in redirect URIs":

http://127.0.0.1:8909/ 
http://127.0.0.1:8908/
http://127.0.0.1:8907/
http://127.0.0.1:8906/

Select "Skip group assignment for now" from the "Assignments" section and click "Save":

 

4. In the Application settings screen, go to the “Okta API Scopes” tab and grant the following scopes:

okta.apps.manage
okta.apps.read
okta.groups.read
okta.users.manage
okta.users.read
okta.users.read.self

 

5. Next, navigate to "Directory" -> "Profile editor". Click on “User (default)”:

 

 

6. Click the "+ Add attribute" button.

 

Data type: leave as is, "string"

Display name: "LucidLink data"

Variable name: "lucidLinkData"

Click “Save” to save the new attribute.

 

7. After saving the attribute and still in the Okta User Profile editor, scroll down and click the edit (pencil) icon next to the newly created "lucidLinkData" attribute.

In the edit dialog, make sure the settings are as follows:

  • User permission: Read Only
  • Source priority: Inherit from Okta

Click "Save Attribute".

8. Next, navigate to "Directory" -> "Profile editor". Click on the “LucidLink User” (we'll repeat the same procedure of adding an attribute).

Click the "+ Add attribute" button:

Data type: leave as is, "string"

Display name: "LucidLink data"

Variable name: "lucidLinkData"

Click "Save".

 

10. While still in the "LucidLink User" app, click the "Mappings" button:

In the "Okta User to LucidLink" tab, locate the "lucidLinkData" attribute in the LucidLink User Profile (on the right side of the mappings):

In the drop-down menu on that attribute's left side, select "lucidLinkData":

Click on the arrow button in the middle and select "Apply mapping on user create and update":  

Click "Save mappings". If asked to apply these mappings to all users with this profile, click "Apply updates now":

Go to Application and select the newly created LucidLink application by clicking on its name.

Go to the "Assignments" tab and select users or groups to assign by clicking the “Assign” button.

Note: make sure to assign an Okta admin user to the LucidLink application. This user will later be used to synchronize users from Okta to the LucidLink Filespace. The user is also used to manage any other integration with the LucidLink Filespace.
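
A drift check for the Okta-side settings from the procedure above, added here as an example and not LucidLink's or Okta's own code: it compares an app integration's settings with the application type, grant type, redirect URIs and API scopes listed in this guide. The layout of the input dictionary and its field names are assumptions made for the example; populate it from however you export your app configuration.

```python
from urllib.parse import urlsplit

# Expected values copied from steps 3 and 4 of this guide.
EXPECTED_REDIRECT_URIS = {
    "http://127.0.0.1:8909/", "http://127.0.0.1:8908/",
    "http://127.0.0.1:8907/", "http://127.0.0.1:8906/",
}
EXPECTED_SCOPES = {
    "okta.apps.manage", "okta.apps.read", "okta.groups.read",
    "okta.users.manage", "okta.users.read", "okta.users.read.self",
}

def audit_app(app):
    """Return a list of findings; an empty list means the app matches the guide."""
    findings = []
    if app.get("application_type") != "native":
        findings.append("application type is not 'native'")
    if "refresh_token" not in app.get("grant_types", []):
        findings.append("grant type 'refresh_token' is not enabled")
    uris = set(app.get("redirect_uris", []))
    for uri in sorted(uris - EXPECTED_REDIRECT_URIS):
        # An off-host redirect target matters more than an extra loopback port.
        kind = "loopback" if urlsplit(uri).hostname == "127.0.0.1" else "non-loopback"
        findings.append(f"unexpected {kind} redirect URI: {uri}")
    for uri in sorted(EXPECTED_REDIRECT_URIS - uris):
        findings.append(f"missing redirect URI: {uri}")
    scopes = set(app.get("granted_scopes", []))
    for scope in sorted(scopes - EXPECTED_SCOPES):
        findings.append(f"extra API scope granted: {scope}")
    for scope in sorted(EXPECTED_SCOPES - scopes):
        findings.append(f"missing API scope: {scope}")
    return findings

# Constructed sample records (hypothetical field names, not an Okta export).
SAMPLE_OK = {
    "application_type": "native",
    "grant_types": ["authorization_code", "refresh_token"],
    "redirect_uris": sorted(EXPECTED_REDIRECT_URIS),
    "granted_scopes": sorted(EXPECTED_SCOPES),
}
SAMPLE_DRIFTED = dict(
    SAMPLE_OK,
    redirect_uris=["http://127.0.0.1:8909/", "http://127.0.0.1:8908/",
                   "http://127.0.0.1:8907/", "https://example.invalid/callback"],
    granted_scopes=sorted(EXPECTED_SCOPES) + ["okta.groups.manage"],
)

if __name__ == "__main__":
    print(audit_app(SAMPLE_OK), audit_app(SAMPLE_DRIFTED), sep="\n")
```

Running the check after any later change to the app integration shows whether a redirect URI or API scope was added beyond what this guide requires.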

 


1. In Okta, open the application page for the LucidLink app: go to Applications -> Applications and click on the app name. In the General tab, scroll down to the “Client ID” parameter and copy its value to your clipboard.

 


2. Log in as the "root" user to a LucidLink Filespace and open the "Control panel". Click the SSO menu.

 

3. Select "Configure" Okta.

4. Enter the "Client ID" from step 1.

5. Enter the "OpenID URL". It should look similar to “https://dev-991030.okta.com/”, where “dev-991030” will be your tenant/company name.

6. Click "Connect".

 

 

7. A web browser with a login form should open at this point where you have to log in as an Okta admin (set up in the previous section of this guide).

8. If you logged in successfully as an assigned admin user, Lucid will start fetching user and group information from Okta and compare it with the local Lucid users and groups. After this is done, you will get a preview of changes that would be applied to the Lucid Filespace users and groups.

 

9. Click “Synchronize now” to proceed with user/group import inside Lucid.

10. The integration is now complete - Okta users and groups are now visible in the "Users" and the "Groups" menus within the Lucid control panel, and the Lucid administrator can assign shares as usual.

 

User login in Lucid through Okta

1. Open the Login screen and enter the Filespace that has Okta integration.

 

 

2. In the next step the Okta integration will be detected and a new button will allow for Okta login.

You will be taken to your Okta domain in a new browser window where you can log in. Upon successful login, Lucid will connect to the Filespace.

3. You can confirm this by checking the username at the bottom of the dashboard:

What is my Okta Client ID?

1. Make sure you've completed the setup guide above.

2. Log in to Okta.

3. Navigate to Applications -> Applications and click on the LucidLink app name.

4. In the General tab, scroll down to see the "Client ID":

 

 

What is my Okta OpenID URL?

1. Make sure you've completed the setup guide above.

2. Log in to Okta.

3. Your "OpenID URL" should look similar to “https://dev-991030.okta.com/”, where “dev-991030” will be your tenant/company name.

 

 
