Versions Compared

Old Version 10

changes.mady.by.user Former user

Saved on

compared with

New Version 11

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

This page describe the steps to setup Azure AD to enable Lucidity access via SSO.

  • Sign in to your Microsoft Azure AD portal as an account administrator

  • From the menu on the left-hand-side select Azure Active Directory Enterprise applications(All applications)New application

...

Image Added

  • Select Non-gallery application and enter a desired {app name} into the Name field

Info

We recommend this value be set to something that identifies this app as Lucidity Software.

  • Click the Add button at the bottom to create the new app

...

Image Added

  • Once the app is created you'll be automatically taken to the Overview screen.

  • From the Overview screen navigate to Single sign-onSAML

...

Image Added

Info

Ignore that Disabled is hi-lighted in the above image.

  • Under 1. Basic SAML Configuration enter the following values:

    • Identifier (Entity ID):

...

    •  https://{your-domain}.luciditysoftware.com.au/simplesaml/module.php/saml/sp/metadata.php/{your-domain}

    • Reply URL (Assertion Consumer Service URL):

...

    •  https://{your-domain}.luciditysoftware.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/{your-domain}

...

Image Added

  • Click Save

Info

...

Important

At the bottom of this section you'll see a checkbox that when checked displays three optional fields, Sign on URLRelay State and Logout Url. Generally, these three fields will be left empty however if you require users to be redirected to a specific Lucidity module upon successful authentication the following will be included in the Relay State field:

https://{your-domain}.luciditysoftware.com.au/home/login/{module-name}/completesso/{your-domain}

  • Under 2. User Attributes & Claims:

    • Locate the claim name "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"

      • Click the claim rule to edit

      • Change the Name attribute to "userprincipalname" (without the quotes)

      • Click Save

    • If you don't want to edit the existing claim:

    • At this point, you should have at least five claims - emailaddress, givenname, userprincipalname, nameidentifier and surname (and potentially name if you created the new claim rather than editing the existing)

Image Modified 

Aside from assigning users to the new App, the setup is complete. You'll now need to send the required metadata to your contact at Lucidity.

  • From within the Apps Single sign-on configuration navigate to 3. SAML Signing Certificate

  • Next to Federation Metadata XML click Download

  • Send this file to Lucidity

User Assignment

By default, all newly added applications will require users to be assigned to the application, without this step, users trying to login will be displayed an error message.

You can assign access to users by selecting Users and Groups in the left application menu and adding either a user group or specific users. If you want all users to be able to sign in to Lucidity using single sign on, from the Properties menu, you can also change Assignment Required to "No" which will allow all users to login to Lucidity as long as they have a matching user account in Lucidity.

In this page:

Table of Contents

Related pages:

Child pages (Children Display)
pageSingle Sign On