
Azure AD

This page describes the steps to set up Azure AD to enable Lucidity access via SSO.

  • Sign in to your Microsoft Azure AD portal as an account administrator

  • From the menu on the left-hand side select Azure Active Directory > Enterprise applications (All applications) > New application

  • Select Non-gallery application and enter a desired {app name} into the Name field

We recommend this value be set to something that identifies this app as Lucidity Software.

  • Click the Add button at the bottom to create the new app

  • Once the app is created you'll be automatically taken to the Overview screen.

  • From the Overview screen navigate to Single sign-on > SAML

 

Ignore that Disabled is highlighted in the screenshot above.

  • Under 1. Basic SAML Configuration enter the following values:

    • Identifier (Entity ID): https://{your-domain}.luciditysoftware.com.au/simplesaml/module.php/saml/sp/metadata.php/{your-domain}

    • Reply URL (Assertion Consumer Service URL): https://{your-domain}.luciditysoftware.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/{your-domain}

  • Click Save

Important

At the bottom of this section you'll see a checkbox that, when checked, displays three optional fields: Sign on URL, Relay State and Logout Url. Generally, these three fields will be left empty; however, if you require users to be redirected to a specific Lucidity module upon successful authentication, the following will be included in the Relay State field:

https://{your-domain}.luciditysoftware.com.au/home/login/{module-name}/completesso/{your-domain}

  • Under 2. User Attributes & Claims:

    • Locate the claim name "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"

      • Click the claim rule to edit

      • Change the Name attribute to "userprincipalname" (without the quotes)

      • Click Save

    • If you don't want to edit the existing claim:

    • At this point, you should have at least five claims - emailaddress, givenname, userprincipalname, nameidentifier and surname (and potentially name if you created the new claim rather than editing the existing)

 

Aside from assigning users to the new App, the setup is complete. You'll now need to send the required metadata to your contact at Lucidity.

  • From within the app's Single sign-on configuration navigate to 3. SAML Signing Certificate

  • Next to Federation Metadata XML click Download

  • Send this file to Lucidity
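As an added example that is not part of this page or of Lucidity's own tooling, the following Python sanity-checks the values from the steps above: it builds the SP entity ID, reply URL and optional Relay State for a tenant domain, pulls the entity ID, sign-on URL and signing-certificate count out of a downloaded Federation Metadata XML, and reports which of the five required claims a SAML assertion is missing (here, an assertion whose name claim was never renamed to userprincipalname). The XML samples are constructed with placeholder values, and the function names are chosen here.

```python
# Added example, not from the Lucidity page. Sample XML below is constructed.
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIM_PREFIX = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# The five claims the page says must exist after step 2 (User Attributes & Claims).
REQUIRED_CLAIMS = {"emailaddress", "givenname", "userprincipalname",
                   "nameidentifier", "surname"}

# Constructed stand-in for Azure AD's Federation Metadata XML (placeholder tenant/cert).
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>CERT-PLACEHOLDER</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
 </IDPSSODescriptor></EntityDescriptor>"""

# Constructed assertion: name claim left as-is, so userprincipalname is absent.
SAMPLE_ASSERTION = f"""<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
 <Subject><NameID>user@example.com</NameID></Subject><AttributeStatement>
  <Attribute Name="{CLAIM_PREFIX}emailaddress"><AttributeValue>user@example.com</AttributeValue></Attribute>
  <Attribute Name="{CLAIM_PREFIX}givenname"><AttributeValue>Ada</AttributeValue></Attribute>
  <Attribute Name="{CLAIM_PREFIX}surname"><AttributeValue>Lovelace</AttributeValue></Attribute>
  <Attribute Name="{CLAIM_PREFIX}name"><AttributeValue>user@example.com</AttributeValue></Attribute>
 </AttributeStatement></Assertion>"""

def sp_settings(domain, module=None):
    """Values to enter under 1. Basic SAML Configuration for a Lucidity tenant."""
    base = f"https://{domain}.luciditysoftware.com.au"
    cfg = {"entity_id": f"{base}/simplesaml/module.php/saml/sp/metadata.php/{domain}",
           "reply_url": f"{base}/simplesaml/module.php/saml/sp/saml2-acs.php/{domain}"}
    if module:  # Relay State is only needed for a direct-to-module redirect
        cfg["relay_state"] = f"{base}/home/login/{module}/completesso/{domain}"
    return cfg

def idp_summary(metadata_xml):
    """What Lucidity needs from the Federation Metadata XML downloaded in step 3."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    certs = idp.findall("md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    sso = idp.find("md:SingleSignOnService", NS)  # first binding listed
    return {"entity_id": root.get("entityID"), "sso_url": sso.get("Location"),
            "signing_certs": len(certs)}

def missing_claims(assertion_xml):
    """Required claims absent from an assertion; nameidentifier travels as Subject/NameID."""
    root = ET.fromstring(assertion_xml)
    present = {a.get("Name").removeprefix(CLAIM_PREFIX)
               for a in root.findall(".//saml:Attribute", NS)}
    if root.find(".//saml:Subject/saml:NameID", NS) is not None:
        present.add("nameidentifier")
    return REQUIRED_CLAIMS - present
```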

 

User Assignment

By default, all newly added applications require users to be assigned to the application; without this step, users trying to log in will be shown an error message.

You can assign access to users by selecting Users and Groups in the left application menu and adding either a user group or specific users. If you want all users to be able to sign in to Lucidity using single sign-on, you can also change Assignment Required to "No" from the Properties menu, which allows all users to log in to Lucidity as long as they have a matching user account in Lucidity.

 
