SSO Support
Lucidum supports most SSO providers. This chapter describes how to configure your SSO to work with Lucidum.
To enable SSO login in Lucidum, you must:
- Enter information about your identity provider tool in the Lucidum integration tool.
- If you use Okta, enter a specific value in the Okta field Default Relay State.
- Create user accounts using the same emails as are used in the identity provider.
SSO Integration
Lucidum Customer Support performs configuration tasks to enable SSO integration. However, customers must perform a single step to enable the integration.
- Lucidum sends you a custom URL that leads to the Lucidum integration tool.
- In the integration tool, your SSO administrator must enter some information about your identity provider. The integration tool provides a detailed walkthrough for each identity provider.
- After you enter the information about your identity provider in the integration tool, the Lucidum login page displays a tile that allows users to log in via your SSO.

Additional Requirements for Okta
If you use Okta for SSO, you must perform an additional step to complete SSO integration.
- In the Okta Admin Console, click Applications and then click the desired application (should be Lucidum).
- Click the Sign On tab.
- In the Settings pane, click Edit.
- In the Default Relay State field, enter:
  redirect_uri=https://<customer_name>.lucidum.cloud/CMDB/lucidum-sso/callback
- Click Save.
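A pre-flight check for the Default Relay State value before it is pasted into Okta, as an added example (not Lucidum's or Okta's code). The prefix, domain and callback path come from the step above; the strictness rules, such as treating the customer name as a single DNS label, are assumptions.

```python
import re
from urllib.parse import urlsplit

# Taken from the Okta step above.
PREFIX = "redirect_uri="
DOMAIN_SUFFIX = ".lucidum.cloud"
CALLBACK_PATH = "/CMDB/lucidum-sso/callback"
# Assumption: <customer_name> is exactly one DNS label.
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def check_relay_state(value: str) -> list[str]:
    """Return the problems found; an empty list means the documented shape."""
    problems = []
    if value != value.strip():
        problems.append("leading or trailing whitespace")
        value = value.strip()
    if not value.startswith(PREFIX):
        return problems + ["missing 'redirect_uri=' prefix"]
    try:
        url = urlsplit(value[len(PREFIX):])
    except ValueError:
        return problems + ["redirect_uri is not a parseable URL"]
    if url.scheme != "https":
        problems.append("scheme is not https")
    if "@" in url.netloc or ":" in url.netloc:
        problems.append("userinfo or port present in host part")
    host = url.hostname or ""
    if not host.endswith(DOMAIN_SUFFIX):
        # Catches look-alikes such as acme.lucidum.cloud.example.net
        problems.append("host is not under .lucidum.cloud")
    elif not LABEL.fullmatch(host[: -len(DOMAIN_SUFFIX)]):
        # Catches a placeholder left in place and multi-label names
        problems.append("customer name is not a single DNS label")
    if url.path != CALLBACK_PATH:
        problems.append("path differs from the documented callback path")
    if url.query or url.fragment:
        problems.append("unexpected query or fragment")
    return problems


if __name__ == "__main__":
    # Constructed sample values; "acme" is a made-up customer name.
    for sample in (
        "redirect_uri=https://acme.lucidum.cloud/CMDB/lucidum-sso/callback",
        "redirect_uri=https://<customer_name>.lucidum.cloud/CMDB/lucidum-sso/callback",
        "redirect_uri=http://acme.lucidum.cloud/CMDB/lucidum-sso/callback/",
    ):
        print(sample, "->", check_relay_state(sample) or "OK")
```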
Create User Accounts with SSO
After performing the steps to integrate your SSO with Lucidum, you must create user accounts in Lucidum.
Lucidum uses roles to assign permissions to users. You can assign each user one or more roles. Lucidum includes default roles. You can also create custom roles.
To create a new user account in Lucidum that uses your SSO:
- Navigate to Settings > User Management.
- In the User Management page, click the plus-sign (+) in the upper right corner.
- The Add User page appears.
- In the Add User modal page, enter the following:
  - First Name. First name of the new user.
  - Last Name. Last name of the new user.
  - Email Address. Email address of the new user.
  - Account Type. Select how the new user account will be authenticated. Choose SSO. For details on creating a local user, see Creating a New User Account.
  - Roles. Select and assign one or more roles for the new user. For details on roles, see Creating and Managing Roles. To assign a role, select its checkbox and click the arrow to move the role to the Selected list. The default roles are:
    - Api_Users. This role allows access to the Lucidum API.
    - Lucidum_Support (Lucidum internal role only). This is a role assigned to Lucidum support staff, to maintain customer systems.
    - Admin. This role allows access to all permissions in Lucidum and is appropriate for the users who administer Lucidum.
    - IT Operations. This role is for IT and security operations staff.
    - Custom roles. You can define custom roles. For details, see Creating and Managing Roles.
- Click Confirm to save the new user.