SSO Support
Lucidum supports most SSO providers. This chapter describes how to configure your SSO to work with Lucidum.
To enable SSO login in Lucidum, you must:
- Enter information about your identity provider tool in the Lucidum integration tool.
- If you use Okta, enter a specific value in the Okta field Default Relay State.
- Create user accounts using the same emails as are used in the identity provider.
SSO Integration
Lucidum Customer Support performs configuration tasks to enable SSO integration. However, customers must perform a single step to enable the integration.
- Lucidum sends you a custom URL that leads to the Lucidum integration tool.
- In the integration tool, your SSO administrator must enter some information about your identity provider. The integration tool provides a detailed walkthrough for each identity provider.
- After you enter the information about your identity provider in the integration tool, Lucidum displays a tile at login that allows users to log in via your SSO.
Additional Requirements for Okta
If you use Okta for SSO, you must perform an additional step to complete SSO integration.
- In the Okta Admin Console, click Applications and then click the desired application (should be Lucidum).
- Click the Sign On tab.
- In the Settings pane, click Edit.
- In the Default Relay State field, enter:
  redirect_uri=https://<customer_name>.lucidum.cloud/CMDB/lucidum-sso/callback
- Click Save.
Create User Accounts with SSO
After performing the steps to integrate your SSO with Lucidum, you must create user accounts in Lucidum.
Lucidum uses roles to assign permissions to users. You can assign each user one or more roles. Lucidum includes default roles. You can also create custom roles.
To create a new user account in Lucidum that uses your SSO:
- Navigate to Settings > User Management.
- In the User Management page, click the plus-sign (+) in the upper right corner.
- The Add User page appears.
- In the Add User modal page, enter the following:
  - User Name. Name of the new user.
  - Email Address. Email address of the new user.
  - SSO User. Toggle on to use your existing SSO solution for the new user.
  - Password. If you did not toggle on SSO, this field appears. Enter a password for the new user. The password must:
    - Be at least eight characters in length
    - Include at least one uppercase letter
    - Include at least one lowercase letter
    - Include at least one number
    - Include at least one of the following symbols: @, $, !, %, *, &, -, ^ (other symbol characters are not allowed)
    - Not contain spaces
  - Confirm Password. Confirm the password for the new user.
  - Time Zone. Select a time zone for the new user.
  - Roles. Select and assign one or more roles for the new user. To assign a role, select its checkbox and click the arrow to move the role to the Selected list. The default roles are:
    - Api_Users. This role allows access to the Lucidum API.
    - Lucidum_Support (Lucidum internal role only). This is a role assigned to Lucidum support staff, to maintain customer systems.
    - Admin. This role allows access to all permissions in Lucidum and is appropriate for the users who administer Lucidum.
    - IT Operations. This role is for IT and security operations staff.
    - Custom roles. You can define custom roles. For details, see Creating and Managing Roles.
- Click Confirm to save the new user.
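The password rules listed above for non-SSO accounts can be checked locally before a password is typed into the Add User page. This is an added example, not Lucidum's own code: `password_violations` is a hypothetical name, the sample passwords are constructed, and it assumes "letter" and "number" mean ASCII characters, which the page does not state.

```python
import re

# Symbols the page lists as permitted; every other symbol is rejected.
ALLOWED_SYMBOLS = "@$!%*&-^"
MIN_LENGTH = 8


def password_violations(password: str) -> list[str]:
    """Return the documented rules that `password` breaks (empty list = compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than eight characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    if not any(ch in ALLOWED_SYMBOLS for ch in password):
        problems.append("none of the allowed symbols")
    if " " in password:
        problems.append("contains a space")
    # Assumption: only ASCII letters and digits count as letters and numbers.
    # Whatever remains (other symbols, tabs, non-ASCII) is reported here;
    # the plain space is already reported by the rule above.
    bad = sorted({ch for ch in password
                  if not (ch.isascii() and ch.isalnum())
                  and ch not in ALLOWED_SYMBOLS and ch != " "})
    if bad:
        problems.append("disallowed characters: " + "".join(bad))
    return problems


# Constructed sample passwords, one per failure mode plus one compliant value.
SAMPLES = ["Winter-2024x", "winter-2024x", "Winter#2024x", "Wint er-24", "W-1a"]

if __name__ == "__main__":
    for candidate in SAMPLES:
        result = password_violations(candidate)
        print(f"{candidate!r}: {'ok' if not result else '; '.join(result)}")
```

Note that a password such as `Winter#2024x` fails twice: `#` is not in the allowed set, and no allowed symbol is present.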