Here are the steps to follow to set up a single sign-on authentication between your Okta service and LUCCA solutions (SAML 2.0 protocol).
Step 1: Create your settings in Lucca
This task will have to be performed by an administrator or any user with access to the authentication module.
1. Activate the Google SAML 2.0 method of authentication.
2. Retrieve your connection and response URL, as well as your Lucca ID, which can be found in the "Lucca service provider information" section.
Step 2: Create the SAML 2.0 application in Okta
1. In the Okta admin interface, select "Applications".
2. Click "Add Application", then "Create New Application".
3. Next to "Platform", select "Web" and choose "SAML 2.0" as your sign-on method:
Step 3: General settings
Step 4: SAML 2.0 configuration
1. "SAML Settings" page
Please fill in the following fields with the information provided to you by Lucca:
- Single sign on URL (Response URL)
- Audience URI (SP Entity ID)
In the "Application userName" field, please fill in "Email".
2. "Feedback" page
- Enter the URL https://support.lucca.fr/hc/fr/articles/360022954532-SSO-protocole-SAML-2-0 in the field "Which app pages did you consult to configure SAML?"
- Select "I'm an Okta customer adding an internal app"
- Tick "It's required to contact the vendor to enable SAML":
3. Confirmation page
- Click "Identity Provider metadata"
- Copy the URL of the page that opens; it uses the following format: https://xxxx.okta.com/
Step 5: Lucca configuration
This task will have to be performed by an administrator.
Once the configuration has been performed in your Okta management interface, please go back to the Lucca authentication settings to fill in the following information:
- the metadata corresponding to your Okta service
- the LUCCA field matching the AD attribute sent in the token (see step 4, item 1): email address
Please consider using a public URL for metadata access, which is generally in the following format:
Once this information has been filled in and saved, you will be able to activate the SSO connection whenever you like.
After the SSO connection has been activated, you can prevent users from reaching the manual login page with their login ID and individual password. To do so, just deactivate the Lucca login / password connection button.