Setting up Azure AD
Who is this article for? IT personnel who want to learn how to set up Azure AD single sign-on for Lucidity.
Account Administrator permissions are required.
Setting up Azure Active Directory (AD) integration with Lucidity streamlines user authentication and access management for your organisation. This guide provides step-by-step instructions for configuring SAML settings in Azure AD, ensuring seamless single sign-on (SSO) functionality between your Azure AD environment and the Lucidity software platform.
1. Microsoft Azure AD
This page describes the steps to set up Azure AD so that your users can access Lucidity via SSO.
- Sign in to your Microsoft Azure AD portal as an account administrator.
- From the menu on the left-hand side select Azure Active Directory, then Enterprise applications, All applications and New application.
- Select Non-gallery application and enter a desired App Name into the Name field.
We recommend this value be set to something that identifies this app as Lucidity Software.
- Click the Add button at the bottom to create the new app.
- Once the app is created you'll be taken automatically to the Overview screen.
- From the Overview screen navigate to Single sign-on, then SAML.
- Under 1. Basic SAML Configuration, enter the following values:
- Identifier (Entity ID): https://{your-domain}.luciditysoftware.com.au/simplesaml/module.php/saml/sp/metadata.php/{your-domain}
- Reply URL (Assertion Consumer Service URL): https://{your-domain}.luciditysoftware.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/{your-domain}
- Click Save.
Important: At the bottom of this section there is a checkbox that, when checked, shows three optional fields: Sign on URL, Relay State and Logout URL. These are generally left empty. If you need users to land in a specific Lucidity module after successful authentication, enter the following in the Relay State field, substituting your own domain and the module name: https://{your-domain}.luciditysoftware.com.au/home/login/{module-name}/completesso/{your-domain}
- Under 2. User Attributes & Claims:
- Locate the claim name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name.
- Click the Claim Rule to edit.
- Change the Name attribute to "userprincipalname" (without quotes).
- Click Save.
- If you prefer not to edit the existing claim:
- Click Add new claim.
- Enter the following:
- Name: userprincipalname
- Namespace: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/
- Source: Attribute (radio button)
- Source attribute: user.userprincipalname
- Click Save.
- At this point, you should have at least five claims:
- emailaddress
- givenname
- userprincipalname
- nameidentifier
- surname
- (plus "name", if you added a new claim rather than editing the existing one)
Aside from assigning users to the new app, the Azure AD setup is complete. You now need to send the required metadata to your contact at Lucidity:
- From within the app's Single sign-on configuration navigate to 3. SAML Signing Certificate.
- Next to Federation Metadata XML click Download.
- Send this file to Lucidity. The file contains the public SAML signing certificate for this app, which Lucidity uses to verify the assertions Azure AD issues. Note the certificate expiry date shown in this section: if the certificate is renewed or rotated, a new metadata file must be sent to Lucidity before the old certificate expires, otherwise sign-in will fail.
2. User assignment
By default, newly added applications require users to be assigned to the application; without this step, users trying to log in will be shown an error message.
You can assign access by selecting Users and groups in the left application menu and adding either a group or specific users. If you want every user in your tenant to be able to sign in to Lucidity with single sign-on, you can instead set Assignment required to No under Properties. Any user in the tenant can then authenticate to the app, and access is controlled only by whether a matching user account exists in Lucidity; assigning specific users or groups keeps that control in Azure AD as well.
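The same procedure, sections 1 and 2 together, expressed as a Microsoft Graph PowerShell script. This is an added example written for this article, not a script from Lucidity or Microsoft. It assumes the Microsoft.Graph module is installed, that the signed-in account can manage applications and policies, and that the tenant allows the Lucidity entity ID as an identifier URI. The domain, tenant, user and module names are placeholders; the template ID is the Microsoft "Custom" (non-gallery) application template.

```powershell
# Added example (not Lucidity's or Microsoft's own script): the portal steps above via Microsoft Graph PowerShell.
# All values in this block are assumptions; replace them with your own.
$LucidityDomain = "example"                           # assumption: your {your-domain}
$TenantId       = "contoso.onmicrosoft.com"           # assumption: your tenant domain or tenant ID
$AppName        = "Lucidity Software"                 # recommended display name (section 1)
$AssignUpn      = "jane.doe@contoso.onmicrosoft.com"  # assumption: first user to assign (section 2)
$RelayModule    = ""                                  # assumption: set e.g. "learning" to use the optional Relay State

$SpBase   = "https://$LucidityDomain.luciditysoftware.com.au/simplesaml/module.php/saml/sp"
$EntityId = "$SpBase/metadata.php/$LucidityDomain"    # Identifier (Entity ID)
$ReplyUrl = "$SpBase/saml2-acs.php/$LucidityDomain"   # Reply URL (Assertion Consumer Service URL)

$Scopes = @("Application.ReadWrite.All", "Policy.ReadWrite.ApplicationConfiguration",
            "AppRoleAssignment.ReadWrite.All", "User.Read.All")
Connect-MgGraph -Scopes $Scopes

# Section 1: "New application" > "Non-gallery application". The template ID below is Microsoft's
# "Custom" application template; verify with Get-MgApplicationTemplate if your tenant differs.
$Instance = Invoke-MgInstantiateApplicationTemplate `
    -ApplicationTemplateId "8adf8e6e-67b2-4cf2-a259-e3dc5476c621" -DisplayName $AppName
$AppId = $Instance.Application.Id
$SpId  = $Instance.ServicePrincipal.Id
Start-Sleep -Seconds 10   # allow the new objects to propagate before updating them

# Basic SAML Configuration: Entity ID and Reply URL. Assignment stays required (section 2 default).
Update-MgApplication -ApplicationId $AppId -IdentifierUris @($EntityId) -Web @{ RedirectUris = @($ReplyUrl) }
Update-MgServicePrincipal -ServicePrincipalId $SpId -PreferredSingleSignOnMode "saml" -AppRoleAssignmentRequired:$true

# Optional Relay State from the "Important" note, pointing only at your own Lucidity domain.
if ($RelayModule) {
    $RelayState = "https://$LucidityDomain.luciditysoftware.com.au/home/login/$RelayModule/completesso/$LucidityDomain"
    Update-MgServicePrincipal -ServicePrincipalId $SpId -SamlSingleSignOnSettings @{ RelayState = $RelayState }
}

# User Attributes & Claims: keep the basic claim set (nameidentifier, emailaddress, givenname,
# surname, name) and add userprincipalname in the xmlsoap namespace, as in "Add new claim".
$ClaimsJson = @'
{"ClaimsMappingPolicy":{"Version":1,"IncludeBasicClaimSet":"true","ClaimsSchema":[
  {"Source":"user","ID":"userprincipalname",
   "SamlClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/userprincipalname"}
]}}
'@
$Policy = New-MgPolicyClaimMappingPolicy -DisplayName "$AppName SAML claims" `
    -Definition @($ClaimsJson) -IsOrganizationDefault:$false
New-MgServicePrincipalClaimMappingPolicyByRef -ServicePrincipalId $SpId -BodyParameter @{
    "@odata.id" = "https://graph.microsoft.com/v1.0/policies/claimsMappingPolicies/$($Policy.Id)" }

# SAML Signing Certificate: an app-specific certificate, as the portal creates. Record the expiry;
# Lucidity needs fresh metadata before it lapses.
$Cert = Add-MgServicePrincipalTokenSigningCertificate -ServicePrincipalId $SpId `
    -DisplayName "CN=$AppName SAML Signing" -EndDateTime (Get-Date).AddYears(2)
Update-MgServicePrincipal -ServicePrincipalId $SpId -PreferredTokenSigningKeyThumbprint $Cert.Thumbprint
Write-Host "SAML signing certificate expires: $($Cert.EndDateTime)"

# Federation Metadata XML for this app (the same file as the portal's Download link). Send it to Lucidity.
$MetadataUrl = "https://login.microsoftonline.com/$TenantId/federationmetadata/2007-06/federationmetadata.xml?appid=$($Instance.Application.AppId)"
Invoke-WebRequest -Uri $MetadataUrl -OutFile ".\Lucidity-FederationMetadata.xml"

# Section 2: assign one user (Users and groups). Use the app's default enabled role, or the
# all-zero "Default Access" role when the app defines no roles.
$Sp     = Get-MgServicePrincipal -ServicePrincipalId $SpId
$RoleId = ($Sp.AppRoles | Where-Object { $_.IsEnabled } | Select-Object -First 1).Id
if (-not $RoleId) { $RoleId = [Guid]::Empty }
$User = Get-MgUser -UserId $AssignUpn
New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $SpId `
    -PrincipalId $User.Id -ResourceId $SpId -AppRoleId $RoleId
```

Run it once per tenant after filling in the placeholders. Leaving AppRoleAssignmentRequired at $true and assigning users or groups explicitly keeps the decision of who may reach Lucidity in Azure AD rather than relying solely on which accounts happen to exist in Lucidity.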