
Okta integration

Upon completion of this guide you will

  • have a configuration for your LucidLink application inside your Okta account;
  • be able to assign Okta users and groups to your LucidLink application within your Okta account;
  • be able to integrate Okta with your LucidLink Filespace, and synchronize the assigned Okta users and groups to Lucid;
  • be able to log in to LucidLink Filespace using the Okta identity provider.


Currently Lucid has the following requirements for user synchronization (no special requirements for regular user login are needed):

  • During synchronization of users, you will need a user that is an Okta administrator.

  • As a minimum, that user needs to be a Group Admin for the users that will be assigned to Lucid and an App admin for the LucidLink Application. You can find more general information on Okta Administrator roles here: Okta Administrator roles and permissions

  • Lucid uses the Okta API to perform the following operations on behalf of the logged-in admin user:

    • Read users and groups

    • Read application assignments

    • Write a custom attribute in each user that is assigned to Lucid


1. Log in to the Okta admin panel.

2. Go to Applications -> click “Add Application” ->  click “Create New App”.  In the "Platform" drop-down, select "Native app" and click “Create”.


3. On the next screen that appears, enter “LucidLink” for the “Application name”, add the following "Login redirect URIs" and click "Save":

 

http://127.0.0.1:8909/
http://127.0.0.1:8908/
http://127.0.0.1:8907/
http://127.0.0.1:8906/

4. In the Application settings screen, go to the “Okta API Scopes” tab and grant the following scopes:

okta.users.read, okta.users.read.self, okta.users.manage, okta.groups.read, okta.apps.read, okta.apps.manage.

5. In the Application settings screen, go to the “General” tab, in the “General Settings” section, click “Edit”. Check “Refresh Token” checkbox in addition to the already selected “Authorization Code”. Click “Save”.



6. Next, navigate to "Directory" -> "Profile editor". Click the "Profile" (pencil icon) on the “User (default)” profile.



7. Click the "+ Add attribute" button.


Data type: leave as is, "string"

Display name: "LucidLink data"

Variable name: "lucidLinkData"

Click “Save” to save the new attribute.


8. Next, navigate to "Directory" -> "Profile editor". Click the "Profile" (pencil icon) on the “LucidLink” application user (we'll repeat the same procedure of adding an attribute).


Click the "+ Add attribute" button:

Data type: leave as is, "string"

Display name: "LucidLink data"

Variable name: "lucidLinkData"

Click "Save".


9. While still in the "LucidLink" application user, click the "Mappings" button:

In the "Okta User to LucidLink" tab, locate the "lucidLinkData" attribute in the LucidLink User profile (on the right side of the mappings) and in the drop-down on that attribute's left side, select to map "lucidLinkData" from Okta to it. Select the mapping to be applied when a user is created or updated and click "Save mappings". If asked to apply these mappings to all users with this profile, click "Apply updates now".




Go to Application and select the newly created LucidLink application by clicking on its name.

Go to the "Assignments" tab and select users or groups to assign by clicking the “Assign” button.

Note: make sure to assign an Okta admin user to the LucidLink application. This user will later be used to synchronize users from Okta to the LucidLink Filespace. The user is also used to manage any other integration with the LucidLink Filespace.
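
An added example (not LucidLink's or Okta's own code): a check that an exported app definition still matches steps 2-5 of this guide, flagging extra scopes, extra grant types, and redirect URIs that leave the loopback interface. It assumes the app JSON and scope-grant list have the shape returned by the Okta Apps API (`settings.oauthClient.*`, `scopeId`, `status`); the sample data and the names `audit_app`, `diff`, `GOOD_APP` and `DRIFTED_APP` are constructed for illustration.

```python
from urllib.parse import urlsplit

# Expected values, copied from steps 2-5 of this guide.
EXPECTED_REDIRECTS = {f"http://127.0.0.1:{port}/" for port in (8909, 8908, 8907, 8906)}
EXPECTED_GRANT_TYPES = {"authorization_code", "refresh_token"}
EXPECTED_SCOPES = {"okta.users.read", "okta.users.read.self", "okta.users.manage",
                   "okta.groups.read", "okta.apps.read", "okta.apps.manage"}

def diff(label, actual, expected):
    """Report items missing from, or added beyond, what the guide specifies."""
    return ([f"missing {label}: {x}" for x in sorted(expected - actual)] +
            [f"unexpected {label}: {x}" for x in sorted(actual - expected)])

def audit_app(app, grants):
    """Return findings; an empty list means the app matches the guide."""
    client = app.get("settings", {}).get("oauthClient", {})
    findings = []
    if client.get("application_type") != "native":
        findings.append(f"application_type is {client.get('application_type')!r}, expected 'native'")
    redirects = set(client.get("redirect_uris", []))
    findings += diff("redirect URI", redirects, EXPECTED_REDIRECTS)
    # A redirect target off the loopback interface sends the authorization code off the machine.
    findings += [f"non-loopback redirect URI: {u}" for u in sorted(redirects)
                 if urlsplit(u).hostname != "127.0.0.1"]
    findings += diff("grant type", set(client.get("grant_types", [])), EXPECTED_GRANT_TYPES)
    active = {g["scopeId"] for g in grants if g.get("status") == "ACTIVE"}
    findings += diff("scope", active, EXPECTED_SCOPES)
    return findings

# Constructed sample data (not a real tenant): one app as configured by the guide, one drifted.
GOOD_APP = {"settings": {"oauthClient": {
    "application_type": "native",
    "redirect_uris": sorted(EXPECTED_REDIRECTS),
    "grant_types": ["authorization_code", "refresh_token"]}}}
GOOD_GRANTS = [{"scopeId": s, "status": "ACTIVE"} for s in EXPECTED_SCOPES]

DRIFTED_APP = {"settings": {"oauthClient": {
    "application_type": "native",
    "redirect_uris": sorted(EXPECTED_REDIRECTS - {"http://127.0.0.1:8906/"})
                     + ["https://sso.example.com/callback"],
    "grant_types": ["authorization_code", "refresh_token", "implicit"]}}}
DRIFTED_GRANTS = GOOD_GRANTS + [{"scopeId": "okta.groups.manage", "status": "ACTIVE"}]

if __name__ == "__main__":
    for finding in audit_app(DRIFTED_APP, DRIFTED_GRANTS):
        print(finding)
```

Because the granted scopes include `okta.users.manage` and `okta.apps.manage`, running a comparison like this periodically against the live app definition catches scope or redirect drift early.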





1. While in Okta, go to the Application page for the LucidLink app in Okta: Applications -> Applications and click on the app name. In the General tab, scroll down to the “Client ID” parameter and copy its value to your clipboard.




2. Log in as the "root" user to a LucidLink Filespace and open the "Control panel". Click the SSO menu.


3. Select "Configure" Okta.

4. Enter the "Client ID" from step 1.

5. Enter the "OpenID URL". It should look similar to “https://dev-991030.okta.com/”, where “dev-991030” will be your tenant/company name.

6. Click connect.



7. A web browser with a login form should open at this point where you have to log in as an Okta admin (set up in the previous section of this guide).

8. If you logged in successfully as an assigned admin user, Lucid will start fetching user and group information from Okta and compare it with the local Lucid users and groups. After this is done, you will get a preview of changes that would be applied to the Lucid Filespace users and groups.


9. Click “Synchronize now” to proceed with user/group import inside Lucid.

10. The integration is now complete. Okta users and groups are now visible in the "Users" and the "Groups" menus within the Lucid control panel, and the Lucid administrator can assign shares as usual.


User login in Lucid through Okta

1. Open the Login screen and enter the Filespace that has Okta integration.



2. In the next step the Okta integration will be detected and a new button will allow for Okta login.

You will be taken to your Okta domain in a new browser window where you can log in. Upon successful login, Lucid will connect to the Filespace.

3. You can confirm this by checking the username at the bottom of the dashboard:

What is my Okta Client ID?

1. Make sure you've completed the setup guide above.

2. Log in to Okta.

3. Navigate to Applications -> Applications and click on the LucidLink app name.

4. In the General tab, scroll down to see the "Client ID":



What is my Okta OpenID URL?

1. Make sure you've completed the setup guide above.

2. Log in to Okta.

3. Your "OpenID URL" should look similar to “https://dev-991030.okta.com/”, where “dev-991030” will be your tenant/company name.