Before you get started
This page explains how to set up single sign-on between your Okta service and Lucca solutions, in this case using the SAML 2.0 protocol.
Step 1: Creating the configuration in Lucca
This operation must be performed by an administrator or a user with access to the "Authentication and SSO parameters" module.
1. Activate the appropriate authentication method depending on the protocol (OAuth 2.0, SAML 2.0, ...) and your IdP.
2. Note the information shown in the “Lucca service provider information” section. This example uses the SAML 2.0 protocol, but the same applies to the other protocols:
- Your connection URL;
- Your response URL;
- Your metadata URL (SAML 2.0 only);
- Your Lucca identifier (SAML 2.0 only).
Step 2: Creating a SAML 2.0 application in Okta
1. From your Okta administrator interface, select "Applications",
2. Click on "Add Application", then on "Create New Application",
3. Under Platform, choose "Web" and select "SAML 2.0" as the Sign on method.
Step 3: General settings
Step 4: SAML 2.0 configuration
1. "SAML Settings" page
Enter the information provided by Lucca in the following fields:
- Single sign on URL (response URL)
- Audience URI (Lucca identifier)
In the "Application userName" field, enter "Email".
2. Feedback page
- Enter the URL: https://support.lucca.fr/hc/en-us/articles/360022954532-SSO-with-SAML-2-0-protocol in the "Which app pages did you consult to configure SAML?" field
- Enter "I'm an Okta customer adding an internal app"
- Select "It's required to contact the vendor to enable SAML".
3. Confirmation page
- Click on "Identity Provider metadata"
- Note the URL of the page that opens (you will need it in Lucca); it has the format:
https://xxxx.okta.com/app/exk56ocxeX9l6YujF4x6/sso/saml/metadata
Step 3: Setting up LUCCA
This operation must be performed by an administrator.
Once configuration has been completed in your Okta management interface, you will need to return to Lucca's authentication parameters to enter the following information:
- the metadata of your Okta service
- the Lucca field corresponding to the AD attribute sent in the token (step 4, point 1): email address
The public URL of your Okta metadata is preferable. It generally has the following format:
https://xxxx.okta.com/app/exk56ocxeX9l6YujF4x6/sso/saml/metadata
Once this information has been entered and saved, you can activate the SSO connection whenever you are ready.
Once login via SSO has been activated, you can also prevent employees from using the Lucca login page (where they sign in with their Lucca login and a personal password) by deactivating "Lucca login/password login".