
Enabling SSO

Lucidum supports most SSO providers. This chapter describes how to configure your SSO to work with Lucidum.

To enable SSO login in Lucidum, you must:

  • Enter information about your identity provider tool in the Lucidum integration tool.

  • If you use Okta, enter a specific value in the Okta field Default Relay State.

  • Create user accounts using the same emails as are used in the identity provider.

SSO Integration

Lucidum Customer Support performs configuration tasks to enable SSO integration. However, customers must perform a single step to enable the integration.

  1. Lucidum sends you a custom URL that leads to the Lucidum integration tool.

  2. In the integration tool, your SSO administrator must enter some information about your identity provider. The integration tool provides a detailed walkthrough for each identity provider.

  3. After you enter the information about your identity provider in the integration tool, Lucidum displays a tile at login that allows users to log in via your SSO.

Additional Requirements for Okta

If you use Okta for SSO, you must perform an additional step to complete SSO integration.

  1. In the Okta Admin Console, click Applications and then click the desired application (this should be Lucidum).

  2. Click the Sign On tab.

  3. In the Settings pane, click Edit.

  4. In the Default Relay State field, enter:

    redirect_uri=https://<customer_name>.lucidum.cloud/CMDB/lucidum-sso/callback

  5. Click Save. 

Create User Accounts in Lucidum

After performing the steps to integrate your SSO with Lucidum, you must create user accounts in Lucidum.

Lucidum uses roles to assign permissions to users. You can assign each user one or more roles. Lucidum includes default roles. You can also create custom roles.

To create a new user account in Lucidum, including one that uses your SSO:

  1. Navigate to Settings > User Management.

  2. In the User Management page, click the plus-sign (+) in the upper right corner.

  3. The Add User page appears.

  4. In the Add User modal page, enter the following:

    • User Name. Name of the new user.

    • Email Address. Email address of the new user.

    • SSO User. Toggle on to use your existing SSO solution for the new user.

    • Password. If you did not toggle on SSO, this field appears. Enter a password for the new user. The password must:

      • Be at least eight characters in length

      • Include at least one uppercase letter

      • Include at least one lowercase letter

      • Include at least one number

      • Include at least one of the following symbols: @, $, !, %, *, &, -, ^ (other symbol characters are not allowed)

      • Not contain spaces

    • Confirm Password. Confirm the password for the new user.

    • Time Zone. Select a time zone for the new user.

    • Roles. Select and assign one or more roles for the new user. To assign a role, select its checkbox and click the arrow to move the role to the Selected list. The default roles are:

      • Api_Users. This role allows access to the Lucidum API.

      • Lucidum_Support (Lucidum internal role only). This is a role assigned to Lucidum support staff, to maintain customer systems.

      • Admin. This role allows access to all permissions in Lucidum and is appropriate for the users who administer Lucidum.

      • IT Operations. This role is for IT and security operations staff.

      • Custom roles. You can define custom roles. For details, see Creating and Managing Roles.

  5. Click Confirm to save the new user.
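
The password rules in step 4 apply only to accounts created without the SSO User toggle. The following Python check is an added example, not Lucidum code: it reports which of those rules a candidate password breaks, including the rule that symbols outside the listed set are rejected. The function name is hypothetical, and the example assumes that "letter" and "number" mean ASCII characters; Lucidum's own validation may differ.

```python
import string

# Symbols the page lists as allowed; every other symbol is rejected.
ALLOWED_SYMBOLS = set("@$!%*&-^")
# Assumption: letters and digits mean ASCII letters and digits.
ALLOWED_CHARS = set(string.ascii_letters + string.digits) | ALLOWED_SYMBOLS


def password_violations(password: str) -> list:
    """Return the documented rules that `password` breaks (empty list = compliant)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not any(c in string.ascii_uppercase for c in password):
        problems.append("no uppercase letter")
    if not any(c in string.ascii_lowercase for c in password):
        problems.append("no lowercase letter")
    if not any(c in string.digits for c in password):
        problems.append("no number")
    if not any(c in ALLOWED_SYMBOLS for c in password):
        problems.append("none of the allowed symbols @ $ ! % * & - ^")
    # Any whitespace character is treated as a space here.
    if any(c.isspace() for c in password):
        problems.append("contains a space")
    # Characters outside the allowed set (whitespace is reported above).
    bad = sorted({c for c in password if not c.isspace() and c not in ALLOWED_CHARS})
    if bad:
        problems.append("disallowed characters: " + " ".join(bad))
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for candidate in ["Tr0ub4dor&3x", "Passw0rd#1", "short1!A", "no symbol 1A"]:
        issues = password_violations(candidate)
        print(f"{candidate!r}: {'OK' if not issues else '; '.join(issues)}")
```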
