Lucidum supports most SSO providers. This chapter describes how to configure your SSO to work with Lucidum.
To enable SSO login in Lucidum, you must:
Enter information about your identity provider tool in the Lucidum integration tool.
If you use Okta, enter a specific value in the Okta field Default Relay State.
Create user accounts using the same emails as are used in the identity provider.
Lucidum Customer Support performs configuration tasks to enable SSO integration. However, customers must perform a single step to enable the integration.
Lucidum sends you a custom URL that leads to the Lucidum integration tool.
In the integration tool, your SSO administrator must enter some information about your identity provider. The integration tool provides a detailed walkthrough for each identity provider.
After you enter the information about your identity provider in the integration tool, at login, Lucidum displays a tile that allows users to log in via your SSO.
Additional Requirements for Okta
If you use Okta for SSO, you must perform an additional step to complete SSO integration.
In the Okta Admin Console, click Applications and then click the desired application (should be Lucidum).
Click the Sign On tab.
In the Settings pane, click Edit.
In the Default Relay State field, enter:
Create User Accounts in Lucidum
After performing the steps to integrate your SSO with Lucidum, you must create user accounts in Lucidum.
To create a new user account in Lucidum that uses your SSO:
Lucidum uses roles to assign permissions to users. You can assign each user one or more roles. Lucidum includes default roles. You can also create custom roles.
To create a new user account in Lucidum:
Navigate to Settings > User Management.
In the User Management page, click the plus-sign (+) in the upper right corner.
The Add User page appears.
In the Add User modal page, enter the following:
User Name. Name of the new user.
Email Address. Email address of the new user.
SSO User. Toggle on to use your existing SSO solution for the new user.
Password. If you did not toggle on SSO, this field appears. Enter a password for the new user. The password must:
Be at least eight characters in length
Include at least one uppercase letter
Include at least one lowercase letter
Include at least one number
Include at least one of the following symbols: @, $, !, %, *, &, -, ^ (other symbol characters are not allowed)
Not contain spaces
Confirm Password. Confirm the password for the new user.
Time Zone. Select a time zone for the new user.
Roles. Select and assign one or more roles for the new user. To assign a role, select its checkbox and click the arrow to move the role to the Selected list. The default roles are:
Api_Users. This role allows access to the Lucidum API.
Lucidum_Support (Lucidum internal role only). This is a role assigned to Lucidum support staff, to maintain customer systems.
Admin. This role allows access to all permissions in Lucidum and is appropriate for the users who administer Lucidum.
IT Operations. This role is for IT and security operations staff.
Custom roles. You can define custom roles. For details, see Creating and Managing Roles.
Click Confirm to save the new user.
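The password rules for non-SSO users listed above, as an added example that is not part of the Lucidum documentation or product: Python code that reports which rules a candidate password breaks and generates a random password that satisfies all of them, which is useful because many password generators emit symbols outside the allowed set. It assumes "letter" and "number" mean ASCII letters and digits; the function names policy_violations and generate_password are hypothetical.

```python
import secrets
import string

# Symbol set copied from the password rules above; any other symbol is rejected.
ALLOWED_SYMBOLS = "@$!%*&-^"
MIN_LENGTH = 8


def policy_violations(password: str) -> list[str]:
    """Return the listed rules that the password breaks (empty list = compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than eight characters")
    if not any(c in string.ascii_uppercase for c in password):
        problems.append("no uppercase letter")
    if not any(c in string.ascii_lowercase for c in password):
        problems.append("no lowercase letter")
    if not any(c in string.digits for c in password):
        problems.append("no number")
    if not any(c in ALLOWED_SYMBOLS for c in password):
        problems.append("no allowed symbol")
    if any(c.isspace() for c in password):
        problems.append("contains a space")
    # Assumption: only ASCII letters, digits and the listed symbols are accepted.
    allowed = string.ascii_letters + string.digits + ALLOWED_SYMBOLS
    bad = sorted({c for c in password if c not in allowed and not c.isspace()})
    if bad:
        problems.append("disallowed characters: " + "".join(bad))
    return problems


def generate_password(length: int = 20) -> str:
    """Generate a random password that satisfies every listed rule."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least eight")
    classes = [string.ascii_uppercase, string.ascii_lowercase,
               string.digits, ALLOWED_SYMBOLS]
    alphabet = "".join(classes)
    # One character from each required class, the rest from the full alphabet.
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the required characters are not at fixed positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)
```
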