Azure SAML/SSO and SCIM

These features are only available to Business accounts.  

Integrating Lucidpress with Azure enables your users to authenticate using SAML single sign-on. Azure also offers a SCIM connection that allows you to provision users in your IDP.

The following steps walk through the process of integrating Azure with Lucidpress. You will need admin privileges in both Azure and Lucidpress to complete this integration.

 

1) Log in to Lucidpress. Remember: you will need to have admin permissions. Click “Team” on the left. Then, select “Identity Management”.

 

2) Check the box next to “Allow SAML authentication”. You can choose to unselect the other sign-on options if Azure is the only way your users will sign in to Lucidpress. Then, click “Save Changes”.




3) On the same page, click "Configure" to navigate to your SAML Activation page in Lucidpress.

4) Under "Lucidpress Sign in URL," enter your domain name. For the most part, you can choose any name you like. This guide uses “test” as the example. Click "Save Changes."

To configure SAML or SCIM with Azure for your Lucidpress account, you must first add an application to your Azure instance. To do so, navigate to https://portal.azure.com.

1) Select "Azure Active Directory" from the left-sidebar menu.


2) Select "Enterprise applications" from the "Manage" menu.

3) Click “+ New Application” on the top, then “Non-gallery application”.

4) Name your application and click “Add”.

5) Under “Manage”, click “Single Sign-on”. Choose “SAML”.

6) For Basic Configuration, enter “lucidpress.com” for the “Identifier (Entity ID)”. Then, paste: https://app.lucidpress.com/saml/sso/[YOUR_DOMAIN] for the “Reply URL”. Replace [YOUR_DOMAIN] with what you entered in Lucidpress from step 1. Also, paste this same URL in the “Sign on URL” field. Click “Save”.

 

7) Under “User Attributes & Claims”, double-check that “Unique User Identifier” is user.userprincipalname. It should show this by default.

 

8) Under “SAML Signing Certificate”, download the “Federation Metadata XML”.

 

9) On the left, click “Users & Groups” to assign the app to a group of users.

 

1) Return to Lucidpress. If you are not there already, go to the “Team” tab, then click “App Integration > SAML”.

2) Under “Identity Providers”, upload the metadata file you downloaded.

3) If you assigned the Azure app to your username, you can click “Test SAML Connection”. A confirmation message appears if the app was created successfully.

To enable new user creation for users assigned to the application, you will need to navigate to the "Properties" tab in your Lucidpress application page within Azure.

From there, scroll to the bottom of the page and toggle the "User Assignment Required to Access Application" to "Off."

You can enable SCIM with Azure by clicking on the Provisioning tab in Azure and following Lucidpress' General Steps for Configuring SCIM and these steps from Microsoft.

Please note that the Lucidpress app for Azure supports auto-provisioning with SCIM but not auto-licensing. Please see the Auto-Provisioning and Auto-Licensing article to learn about the difference.

 

 
 