This page describes the steps to set up Azure AD to enable Lucidity access via SSO.
- Sign in to your Microsoft Azure AD portal as an account administrator
- From the menu on the left-hand side select Azure Active Directory > Enterprise applications > (All applications) > New application
- Select Non-gallery application and enter a desired {app name} into the Name field
We recommend this value be set to something that identifies this app as Lucidity Software.
- Click the Add button at the bottom to create the new app
- Once the app is created you'll be automatically taken to the Overview screen.
- From the Overview screen navigate to Single sign-on > SAML
Ignore that Disabled is highlighted on this screen.
- Under 1. Basic SAML Configuration enter the following values:
  - Identifier (Entity ID): https://{your-domain}.luciditysoftware.com.au/simplesaml/module.php/saml/sp/metadata.php/{your-domain}
  - Reply URL (Assertion Consumer Service URL): https://{your-domain}.luciditysoftware.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/{your-domain}
  - Click Save
Important
At the bottom of this section you'll see a checkbox that, when checked, displays three optional fields: Sign on URL, Relay State and Logout Url. Generally these three fields are left empty; however, if you require users to be redirected to a specific Lucidity module upon successful authentication, enter the following in the Relay State field:
https://{your-domain}.luciditysoftware.com.au/home/login/{module-name}/completesso/{your-domain}
- Under 2. User Attributes & Claims:
  - Locate the claim name "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
  - Click the claim rule to edit
  - Change the Name attribute to "userprincipalname" (without the quotes)
  - Click Save
  - If you don't want to edit the existing claim:
    - Click Add new claim
    - Enter the following:
      - Name: userprincipalname
      - Namespace: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/
      - Source: Attribute (radio button)
      - Source attribute: user.userprincipalname
    - Click Save
  - At this point you should have at least five claims: emailaddress, givenname, userprincipalname, nameidentifier and surname (and potentially name, if you created a new claim rather than editing the existing one)
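To confirm the claim configuration above actually reaches the service provider, the following added check (not part of Lucidity's or Microsoft's documentation) parses a SAML Response and reports which of the five expected claims are absent. The sample response is constructed for illustration; in practice you would feed it the decoded response captured from a test sign-in.

```python
# Added example (not from Lucidity or Microsoft docs): check that a SAML
# Response carries the claims configured in the steps above.
import xml.etree.ElementTree as ET

CLAIMS_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Attribute claims expected after the guide's edits; nameidentifier travels
# in <NameID> rather than as an <Attribute>, so it is checked separately.
REQUIRED_ATTRIBUTES = ("emailaddress", "givenname", "userprincipalname", "surname")
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample (illustration only): the attribute statement
# Azure AD emits once the name claim has been changed to userprincipalname.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
        <saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
        <saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/userprincipalname">
        <saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_claims(response_xml: str) -> dict:
    """Report which of the guide's required claims are missing from a response.
    Presence check only: signature and audience validation stay with the SP."""
    root = ET.fromstring(response_xml)
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("Name", "")
        if name.startswith(CLAIMS_NS):          # keep only claims in the guide's namespace
            value = attr.find("saml:AttributeValue", NS)
            attrs[name[len(CLAIMS_NS):]] = value.text if value is not None else None
    missing = [c for c in REQUIRED_ATTRIBUTES if c not in attrs]
    nameid = root.find(".//saml:Subject/saml:NameID", NS)
    if nameid is None:
        missing.append("nameidentifier")
    return {"missing": missing, "userprincipalname": attrs.get("userprincipalname"),
            "nameid": nameid.text if nameid is not None else None}
```

A response in which the default name claim was left unedited will report userprincipalname as missing, which is the symptom to look for if Lucidity cannot match the signed-in user.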
Aside from assigning users to the new app, the setup is complete. You'll now need to send the required metadata to your contact at Lucidity.
- From within the app's Single sign-on configuration navigate to 3. SAML Signing Certificate
- Next to Federation Metadata XML click Download
- Send this file to Lucidity