SAML/SSO and SCIM: An Overview

 
SCIM and SAML are available to business subscriptions.

 

Lucidpress offers SAML and SCIM integrations to Business accounts so that admins can easily manage the users on their Lucidpress teams using their IDPs.

 

Lucidpress’ SAML integration allows you to connect Lucidpress to your IDP so that users on your account can quickly and securely authenticate through your IDP using SAML SSO. You can also configure your team's settings so that users are automatically created in Lucidpress when they sign in for the first time after they are assigned the Lucidpress app in your IDP.
Lucidpress’ SCIM integration allows you to sync user information between Lucidpress and your IDP, allowing you to make changes to users in your Lucidpress account directly in your IDP.

Here are some of the things that the SCIM integration allows you to do:
  • Create users in your Lucidpress account without them having to log in
  • Update user attributes
  • Provision and de-provision users
  • Deactivate users, meaning they will no longer have a license, be able to log in, or have access to any documents
  • Define licenses for users
Follow these steps to configure SAML for your Business account. Note that you will need admin privileges in both Lucidpress and your IDP to set up the SAML integration.
  1. Add the Lucidpress app to your IDP and download the corresponding (federation) metadata.
  2. In Lucidpress, click Team > App Integration > SAML.
  3. Enter your Lucidpress account domain. The SAML integration will use your domain to generate a Lucidpress sign-in URL that you will supply to your IDP. A user may go directly to this URL to initiate SAML SSO. Make sure to just enter the domain, not the full URL. This must match the value that was specified in your IDP.
  4. Enter your Lucidpress account domain in the ‘Domain’ field under the ‘Lucidpress Sign in URL’ section. Be sure to enter the domain only, not a full URL. The SAML integration will use your domain to generate a Lucidpress sign-in URL that you will supply to your identity provider. For example, if you were to enter 'acme.com' as your domain, the URL will be https://www.lucidpress/saml/sso/acme.com. A user may go directly to this URL to initiate SAML single sign-on.
  5. Upload the metadata .xml file generated from your IdP to Lucidpress.

The Lucidpress SAML integration is now complete. Your Lucidpress account will support SAML single sign-on authentication through your identity provider.

Before you can configure SCIM with your Lucidpress account, please ensure the following:
  • You are on a Business subscription with an up-to-date pricing plan
  • Your account has auto-upgrades enabled. See the Licensing Setting article for instructions on how to adjust this setting
Follow these steps to configure SCIM for your Lucidpress account:
  1. Add the Lucidpress SCIM app to your IDP
  2. In Lucidpress, navigate to Team > App Integration > SCIM
  3. Click “generate token.” Doing so will generate a unique token to be shared between Lucidpress and your IDP. This bearer token will be used to authenticate requests. Copy this bearer token to your clipboard.
  4. Configure your IDP to use SCIM with the bearer token and base URL provided by Lucidpress.

The attributes we expect to receive are:

  • first name
  • last name
  • email

There are two naming conventions that we support for receipt of these attributes:

  • User.FirstName
  • User.LastName
  • User.Email

or the OID format:

  • urn:oid:2.5.4.42 (first)
  • urn:oid:2.5.4.4 (last)
  • urn:oid:0.9.2342.19200300.100.1.3 (email)

We also strongly prefer that the email be sent in the NameId field, but can work with other values if required.
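
To confirm that your IDP sends these attributes under one of the two supported naming conventions, you can run a decoded test assertion through a check like the one below. This is an added example, not Lucidpress code: the function name, the sample assertions and the rule that an email-shaped NameID takes precedence over the email attribute are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}
# Attribute names listed in the article: friendly form first, then OID form.
EXPECTED = {
    "first_name": ("User.FirstName", "urn:oid:2.5.4.42"),
    "last_name": ("User.LastName", "urn:oid:2.5.4.4"),
    "email": ("User.Email", "urn:oid:0.9.2342.19200300.100.1.3"),
}

def check_assertion(xml_text):
    """Return (profile, missing, name_id_is_email) for a decoded assertion.

    Checks attribute naming only; signature and condition validation are
    out of scope here.
    """
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iter("{%s}Attribute" % SAML):
        value = attr.find("saml:AttributeValue", NS)
        if value is not None and (value.text or "").strip():
            attrs.setdefault(attr.get("Name"), value.text.strip())
    profile = {}
    for field, names in EXPECTED.items():
        hit = next((attrs[n] for n in names if n in attrs), None)
        if hit is not None:
            profile[field] = hit
    node = root.find(".//saml:Subject/saml:NameID", NS)
    name_id = (node.text or "").strip() if node is not None else ""
    # Assumption: a NameID with exactly one "@" and a dotted domain is an email.
    local, _, domain = name_id.partition("@")
    name_id_is_email = bool(local) and "." in domain and "@" not in domain
    if name_id_is_email:
        profile["email"] = name_id  # assumed precedence: NameID over attribute
    missing = sorted(f for f in EXPECTED if f not in profile)
    return profile, missing, name_id_is_email

def _assertion(name_id, attributes):  # builds constructed sample input
    rows = "".join(
        '<saml:Attribute Name="%s"><saml:AttributeValue>%s'
        "</saml:AttributeValue></saml:Attribute>" % kv for kv in attributes)
    return ('<saml:Assertion xmlns:saml="%s"><saml:Subject><saml:NameID>%s'
            "</saml:NameID></saml:Subject><saml:AttributeStatement>%s"
            "</saml:AttributeStatement></saml:Assertion>" % (SAML, name_id, rows))

FRIENDLY = _assertion("ana@acme.com", [("User.FirstName", "Ana"),
                                       ("User.LastName", "Ruiz")])
OID = _assertion("a1b2c3", [("urn:oid:2.5.4.42", "Ana"),
                            ("urn:oid:0.9.2342.19200300.100.1.3", "ana@acme.com")])
```

A non-empty `missing` list, or `name_id_is_email` being false, points to an attribute mapping in the IDP that should be adjusted before users sign in.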

 

Ready to get started? Choose your SAML/SCIM provider below for more instructions.

 
 