Okta SSO (SAML 2)

Before you get started

This page explains how to set up single sign-on between your Okta service and Lucca solutions, in this case using the SAML 2.0 protocol.

Step 1: Creating the configuration in Lucca

This operation must be performed by an administrator or a user with access to the "Authentication and SSO parameters" module.

1. Activate the authentication method that matches your protocol (OAuth 2.0, SAML 2.0, ...) and your IdP.

2. Note the values shown in the “Lucca service provider information” section. This example uses SAML 2.0, but the same section applies to the other protocols:

  • Your connection URL (the URL employees use to start an SSO login);
  • Your response URL (in SAML terms, the Assertion Consumer Service URL to which Okta posts the SAML response);
  • Your metadata URL (SAML 2.0 only);
  • Your Lucca identifier (SAML 2.0 only; in SAML terms, the service provider Entity ID).

Step 2: Creating a SAML 2.0 application in Okta 

1. From your Okta administrator interface, select "Applications".

2. Click "Add Application", then "Create New Application".

3. For Platform, choose "Web" and select "SAML 2.0" as the Sign on method:

Step 3: General settings 

1. On the "General Settings" page, enter "Lucca" in the "Application Name" field.
2. Check the box "Do not display application icon in the Okta mobile app".

Step 4: SAML 2.0 configuration

1. "SAML Settings" page

Enter the information collected from Lucca in Step 1 in the following fields:

  • Single sign on URL: Lucca's response URL (the URL Okta will post the signed SAML response to);
  • Audience URI (SP Entity ID): the Lucca identifier. It must match exactly, since Lucca rejects assertions whose audience differs.

For "Application username", select "Email". The value Okta sends as the NameID must be the same email address as the one stored in the user's Lucca profile, because that is the field Lucca uses to match the user (see Step 5).

2. Feedback page: complete Okta's "Feedback" step and click "Finish".

3. Confirmation page: Okta then displays the application's sign-on settings, including the link to the identity provider metadata you will need in Step 5.

Step 5: Setting up Lucca

This operation must be performed by an administrator.

Once the configuration is complete in your Okta administration interface, return to Lucca's authentication parameters and enter the following information:

  • the metadata of your Okta service (preferably its public URL, see below);

  • the Lucca field corresponding to the attribute Okta sends as the username in the SAML assertion (Step 4, item 1): the email address.

The public URL of your Okta metadata is preferable to pasting the XML itself. It generally has the following format:

https://xxxx.okta.com/app/exk56ocxeX9l6YujF4x6/sso/saml/metadata

Because Lucca reads the metadata from this URL, our authentication service stays up to date when Okta renews its signing certificate. If you paste the metadata XML instead, you must re-import it before the certificate expires; otherwise Lucca will reject the SAML responses that Okta signs with the new certificate.
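
Before entering the metadata URL in Lucca, it is worth checking that the document Okta publishes contains what Lucca will read from it: the issuer (entityID), an HTTPS single sign-on endpoint, a signing certificate, and the emailAddress NameID format that the "Application username = Email" setting relies on. The script below is an added example written for this article; it is not Lucca's or Okta's code. It uses only the Python standard library, runs offline against a constructed sample that mirrors the shape of Okta's /sso/saml/metadata output (the hostname, application name and placeholder certificate are assumptions; the exk... application id is the one from the example URL above), and can be pointed at your real metadata URL instead.

```python
"""Inspect an Okta SAML 2.0 IdP metadata document before configuring it in Lucca.

Added example, not Lucca's or Okta's code. It extracts the values the service
provider consumes (entityID, SSO endpoint, signing certificate, NameID formats)
and flags the misconfigurations that most often break the SSO login.
"""
import base64
import hashlib
import urllib.request
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed placeholder standing in for the base64 DER certificate Okta embeds.
# It is NOT a real X.509 certificate, only something that base64-decodes.
PLACEHOLDER_CERT_B64 = base64.b64encode(
    b"constructed placeholder, not a real certificate"
).decode()

# Constructed sample mirroring the shape of Okta's metadata. Hostname, app name
# and certificate are assumptions; the exk... id is the one from the article.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    entityID="http://www.okta.com/exk56ocxeX9l6YujF4x6">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="{NS['ds']}">
        <ds:X509Data><ds:X509Certificate>{PLACEHOLDER_CERT_B64}</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>{EMAIL_NAMEID}</md:NameIDFormat>
    <md:SingleSignOnService Binding="{HTTP_POST}"
        Location="https://xxxx.okta.com/app/xxxx_lucca_1/exk56ocxeX9l6YujF4x6/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def parse_idp_metadata(xml_text: str) -> dict:
    """Extract the fields a SAML service provider such as Lucca needs."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity provider metadata")
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    cert_fingerprints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # a KeyDescriptor without 'use' covers signing too
            continue
        for c in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((c.text or "").split()))
            # SHA-256 over the DER bytes: compare with the fingerprint Okta shows
            cert_fingerprints.append(hashlib.sha256(der).hexdigest())
    return {
        "entity_id": root.get("entityID"),
        "sso_post_url": sso.get(HTTP_POST),
        "nameid_formats": [(n.text or "").strip() for n in idp.findall("md:NameIDFormat", NS)],
        "signing_cert_sha256": cert_fingerprints,
        "wants_signed_requests": idp.get("WantAuthnRequestsSigned") == "true",
    }


def check_idp_metadata(info: dict) -> list:
    """Return human-readable problems; an empty list means the metadata looks usable."""
    problems = []
    if not info["entity_id"]:
        problems.append("missing entityID (the issuer Lucca will trust)")
    url = info["sso_post_url"]
    if not url:
        problems.append("no HTTP-POST SingleSignOnService endpoint")
    elif not url.startswith("https://"):
        problems.append(f"SSO endpoint is not https: {url}")
    if not info["signing_cert_sha256"]:
        problems.append("no signing certificate: SAML responses could not be verified")
    if EMAIL_NAMEID not in info["nameid_formats"]:
        problems.append("emailAddress NameID format not advertised; check 'Application username' in Okta")
    return problems


def fetch_metadata(url: str, timeout: float = 10.0) -> str:
    """Download the metadata from Okta's public URL, refusing plain http."""
    if not url.startswith("https://"):
        raise ValueError("metadata URL must use https")
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    import sys
    text = fetch_metadata(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_METADATA
    info = parse_idp_metadata(text)
    for key, value in info.items():
        print(f"{key}: {value}")
    for problem in check_idp_metadata(info):
        print("PROBLEM:", problem)
```

Run it with your metadata URL as the only argument (or with no argument to see the constructed sample). The certificate fingerprint it prints can be compared with the one Okta shows for the application's signing certificate; if you later paste the XML into Lucca instead of the URL, re-run the script after each Okta certificate rotation to see when the fingerprint changes.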

Once this information has been entered and saved, you can activate the SSO connection whenever you are ready:

Once login via SSO is active, you can prevent employees from using the Lucca login page (Lucca login and personalized password) by deactivating the "Lucca login/password login" option. Do this only after you have confirmed that the SSO login works for a test user, so that nobody is locked out.
