Azure AD
This page describes the steps to set up Azure AD to enable Lucidity access via SSO.
Sign in to your Microsoft Azure AD portal as an account administrator
From the menu on the left-hand-side select Azure Active Directory > Enterprise applications > (All applications) > New application
Select Non-gallery application and enter a desired {app name} into the Name field
We recommend this value be set to something that identifies this app as Lucidity Software.
Click the Add button at the bottom to create the new app
Once the app is created you'll be automatically taken to the Overview screen.
From the Overview screen navigate to Single sign-on > SAML
Ignore that Disabled is highlighted in the above image.
Under 1. Basic SAML Configuration enter the following values:
Identifier (Entity ID): https://{your-domain}.luciditysoftware.com.au/simplesaml/module.php/saml/sp/metadata.php/{your-domain}
Reply URL (Assertion Consumer Service URL): https://{your-domain}.luciditysoftware.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/{your-domain}
Click Save
Important
At the bottom of this section you'll see a checkbox that, when checked, displays three optional fields: Sign on URL, Relay State and Logout URL. Generally these three fields are left empty; however, if you require users to be redirected to a specific Lucidity module upon successful authentication, enter the following in the Relay State field:
https://{your-domain}.luciditysoftware.com.au/home/login/{module-name}/completesso/{your-domain}
Under 2. User Attributes & Claims:
Locate the claim name "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
Click the claim rule to edit
Change the Name attribute to "userprincipalname" (without the quotes)
Click Save
If you don't want to edit the existing claim:
Click Add new claim
Enter the following:
Name: userprincipalname
Namespace: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/
Source: Attribute (radio button)
Source attribute: user.userprincipalname
Click Save
At this point you should have at least five claims: emailaddress, givenname, userprincipalname, nameidentifier and surname (and potentially name, if you created a new claim rather than editing the existing one).
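To confirm the claim edit took effect on the Azure AD side, it helps to look at what an assertion actually carries. The following is an added example, not Lucidity's or Microsoft's code: it parses a decoded SAML assertion and lists which of the required claims above are missing. The assertions it runs on are constructed samples with placeholder values; a real Azure AD assertion is larger and signed, and the SP (SimpleSAMLphp at the URLs given in step 1) verifies that signature before any attribute is trusted, which this helper does not attempt.

```python
"""Check that a decoded SAML assertion carries the claims the steps above require.

Added example, not Lucidity's or Microsoft's code. Samples are constructed
test data; signature verification is left to the SP.
"""
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIM_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Attribute claims the guide expects after the edit. nameidentifier is carried
# in <Subject><NameID>, not in the AttributeStatement, so it is read separately.
REQUIRED_ATTRIBUTES = ("emailaddress", "givenname", "userprincipalname", "surname")


def extract_claims(assertion_xml: str) -> dict:
    """Map claim short names (the part after CLAIM_NS) to their first value."""
    root = ET.fromstring(assertion_xml)
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        name = attr.get("Name", "")
        short = name[len(CLAIM_NS):] if name.startswith(CLAIM_NS) else name
        value = attr.find("saml:AttributeValue", SAML_NS)
        claims[short] = (value.text or "").strip() if value is not None else ""
    name_id = root.find(".//saml:Subject/saml:NameID", SAML_NS)
    if name_id is not None and name_id.text:
        claims["nameidentifier"] = name_id.text.strip()
    return claims


def missing_claims(assertion_xml: str) -> list:
    """Required claims that are absent or empty, in the order the guide lists them."""
    claims = extract_claims(assertion_xml)
    return [c for c in REQUIRED_ATTRIBUTES + ("nameidentifier",) if not claims.get(c)]


def _sample_assertion(attributes: dict) -> str:
    """Build a minimal unsigned assertion for the samples (constructed test data)."""
    attrs = "".join(
        f'<Attribute Name="{CLAIM_NS}{k}"><AttributeValue>{v}</AttributeValue></Attribute>'
        for k, v in attributes.items()
    )
    return (
        '<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<Subject><NameID>jane.doe@example.com</NameID></Subject>"
        f"<AttributeStatement>{attrs}</AttributeStatement></Assertion>"
    )


# What Azure AD sends once the "name" claim has been changed to userprincipalname.
SAMPLE_AFTER_EDIT = _sample_assertion({
    "emailaddress": "jane.doe@example.com",
    "givenname": "Jane",
    "userprincipalname": "jane.doe@example.com",
    "surname": "Doe",
})

# The default claim set, i.e. step 2 skipped: "name" is still sent instead.
SAMPLE_DEFAULT = _sample_assertion({
    "emailaddress": "jane.doe@example.com",
    "givenname": "Jane",
    "name": "jane.doe@example.com",
    "surname": "Doe",
})

if __name__ == "__main__":
    print("after edit, missing:", missing_claims(SAMPLE_AFTER_EDIT))
    print("default claims, missing:", missing_claims(SAMPLE_DEFAULT))
```

Run against the default claim set, the only item reported missing is userprincipalname, which is exactly the symptom of skipping the claim edit: the value is present, but under the claim name "name" that the SP does not look for.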
Aside from assigning users to the new App, the setup is complete. You'll now need to send the required metadata to your contact at Lucidity.
From within the app's Single sign-on configuration, navigate to 3. SAML Signing Certificate
Next to Federation Metadata XML click Download
Send this file to Lucidity
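Before sending the file, it is worth checking that it really is identity-provider metadata and that it contains what the SP needs to validate assertions: the tenant's entityID, an HTTPS single sign-on endpoint, and a signing certificate. The following is an added example, not Lucidity's or Microsoft's code. The metadata it parses is a constructed sample: the tenant id and certificate bytes are placeholders, and a real Azure AD federation metadata file also carries an XML signature and WS-Federation RoleDescriptor sections that this check ignores.

```python
"""Inspect the Federation Metadata XML downloaded in step 3 before sending it on.

Added example, not Lucidity's or Microsoft's code. SAMPLE_METADATA is a
constructed stand-in for the real file; the tenant id and certificate are
placeholders.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD_NS, "ds": DS_NS}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
EXPECTED_SSO_HOST = "login.microsoftonline.com"

# Placeholder DER bytes, base64-encoded the way X509Certificate carries them.
PLACEHOLDER_CERT = base64.b64encode(b"placeholder-der-bytes-not-a-real-certificate").decode()

SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD_NS}" entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{DS_NS}"><X509Data><X509Certificate>{PLACEHOLDER_CERT}</X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="{HTTP_REDIRECT}"
        Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def cert_fingerprint(b64_der: str) -> str:
    """SHA-256 of the DER certificate, as colon-separated upper-case hex."""
    digest = hashlib.sha256(base64.b64decode("".join(b64_der.split()))).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def summarize_idp_metadata(xml_text: str) -> dict:
    """Pull out what the SP needs (entityID, SSO URL, signing certs) and flag
    anything that would leave the SP unable to validate assertions."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity-provider metadata")

    problems = []
    sso_urls = [s.get("Location", "") for s in idp.iterfind("md:SingleSignOnService", NS)
                if s.get("Binding") == HTTP_REDIRECT]
    if not sso_urls:
        problems.append("no HTTP-Redirect SingleSignOnService")
    for url in sso_urls:
        parts = urlparse(url)
        if parts.scheme != "https" or parts.hostname != EXPECTED_SSO_HOST:
            problems.append(f"unexpected SSO endpoint: {url}")

    fingerprints = []
    for kd in idp.iterfind("md:KeyDescriptor", NS):
        # A KeyDescriptor with no "use" attribute is valid for both signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iterfind("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            if cert.text and cert.text.strip():
                fingerprints.append(cert_fingerprint(cert.text))
    if not fingerprints:
        problems.append("no signing certificate: the SP could not verify assertion signatures")

    return {
        "entity_id": root.get("entityID"),
        "sso_redirect_urls": sso_urls,
        "signing_cert_sha256": fingerprints,
        "problems": problems,
    }


if __name__ == "__main__":
    for key, value in summarize_idp_metadata(SAMPLE_METADATA).items():
        print(f"{key}: {value}")
```

The certificate fingerprint is the useful value to quote to Lucidity alongside the file: it lets the SP side confirm out of band that the signing certificate they loaded is the one your tenant published, and it is what you compare again when Azure AD rotates the certificate.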
User Assignment
By default, all newly added applications require users to be assigned to the application; without this step, users trying to log in will be shown an error message.
You can assign access to users by selecting Users and Groups in the left application menu and adding either a user group or specific users. If you want all users to be able to sign in to Lucidity using single sign-on, you can also change Assignment Required to "No" from the Properties menu, which allows all users to log in to Lucidity as long as they have a matching user account in Lucidity.