Document toolboxDocument toolbox

Google SAML/SSO

Owned by Nial Muecke (Unlicensed)
Last updated: May 01, 2023 by Cale O'Bryan
3 min read

This guide is intended to help configure single sign on / SAML 2.0  for Lucidity Software to be able to authenticate against your Google users.

Create a Lucidity app Instance

  1. Log in to https://admin.google.com 

    NOTE: The account that you use needs to have Super Admin privileges to perform the setup.

  2. On the left-hand-side menu click Apps > Web and mobile apps

  3. In the centre of the “Web and mobile apps“ screen click Add app > Add custom SAML app

  4. The “Add custom SAML app“ modal will be displayed

  5. Enter an appropriate “App name“ such as “Lucidity“ and optionally select a new icon. Click Continue

    Suggested icon:

  6. Download metadata in Option 1 and send this file to your Lucidity Customer Representative. Click Continue
    You can also get this data once the app has been set up

  7. In the “Service provider details“ screen enter the following (leave the Name ID format and Name ID values as default):

    1. ACS URL: https://{clientName}.{domain}/simplesaml/module.php/saml/sp/saml2-acs.php/{clientName}

    2. Entity ID: https://{clientName}.{domain}/simplesaml/module.php/saml/sp/metadata.php/{clientName}

    3. Start URL: https://{clientName}.{domain}/home/login/lucidityintranet/completesso/{clientName}

    4. NOTE: {clientName} represents your Lucidity instances subdomain and {domain} represents your Lucidity domain (luciditysoftware.com.au or lucidity.io)

  8. Click Continue

  9. In the “Attribute mapping“ screen click Add mapping:

    1. Google Directory attributes: Basic Information > Primary email

    2. App attributes: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
      Select category: Basic Information
      Select user field: Primary Email

    3. NOTE: The value needs to match the username naming conventions used for users in Lucidity. If an email is used only the first part is required (eg bob.smith@somewhere.com becomes bob.smith for authentication)

  10. Click Finish

  11. Enable the App. From back in the main SAML app index, select the newly created app

  12. Click User access

  13. Select ON for everyone OR select the required group(s) from the left-hand-side. Click Save

  14. If you have not already sent the metadata.xml to you Lucidity Customer Representative please do so now

 

In this page:

Related pages:

Â