Azure AD can be interfaced with either the OAuth 2.0 or the SAML 2.0 protocol.
This article describes the steps to set up SSO between Azure AD and Lucca applications with the OAuth 2.0 protocol.
For the SAML 2.0 protocol (Premium Azure AD only), follow this article instead: SSO protocol SAML 2.0
- Subscription to the Lucca SSO option
- All Azure AD users have a unique email address
- The following information provided by Lucca has been collected: Connection URL, Redirect URI
Step 1: OAuth 2.0 application creation
1. From the Azure AD configuration interface, open the App registrations menu and click New registration.
2. Fill in the Application Name (custom value) and the Redirect URI (provided by Lucca), and select the Supported account types. Then click Register.
3. From the Overview tab, save the Application ID and the Directory ID.
4. From the Branding tab, fill in the Connection URL provided by Lucca in the Home page URL field.
5. From the Certificates & secrets tab, create a New client secret with a description and an expiration value (never expires), then click Add.
NB: if you choose to generate a key with a limited expiration time, you will have to send us the new key before the current one expires.
Finally, save the client secret value, which is displayed only once at creation.
Step 2: Authorize the users to access the new application
Under Enterprise applications, you will find the OAuth 2.0 application created for Lucca. Grant access to the future Lucca users.
Note that the Lucca authentication service matches the email address provided by Azure AD with the email address field of the Lucca user record.
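As an added illustration (not Lucca's or Microsoft's code), the following Python shows where the values saved in Step 1 are used in the Azure AD v2.0 authorization-code flow and how the email matching described above can be applied on the receiving side; the tenant, application, secret and redirect values are constructed placeholders.

```python
# Added example (not Lucca's or Microsoft's code): where the Step 1 values go in
# the Azure AD v2.0 authorization-code flow, and the email matching noted in Step 2.
# All identifiers below are constructed placeholders.
import base64
import json
from typing import Optional
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"
DIRECTORY_ID = "00000000-0000-0000-0000-000000000001"    # Directory (tenant) ID
APPLICATION_ID = "11111111-1111-1111-1111-111111111111"  # Application (client) ID
CLIENT_SECRET = "placeholder-client-secret"               # client secret value
REDIRECT_URI = "https://example.invalid/oauth/callback"   # Redirect URI given by Lucca
SCOPE = "openid profile email"


def authorize_url(state: str, nonce: str) -> str:
    """Browser redirect: the Directory ID picks the tenant, the Application ID the
    registration; redirect_uri must equal the one registered in Step 1."""
    params = {"client_id": APPLICATION_ID, "response_type": "code",
              "redirect_uri": REDIRECT_URI, "response_mode": "query",
              "scope": SCOPE, "state": state, "nonce": nonce}
    return f"{AUTHORITY}/{DIRECTORY_ID}/oauth2/v2.0/authorize?{urlencode(params)}"


def token_request(code: str):
    """Server-side POST that redeems the code; the only place the secret is sent."""
    body = {"client_id": APPLICATION_ID, "client_secret": CLIENT_SECRET,
            "grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "scope": SCOPE}
    return f"{AUTHORITY}/{DIRECTORY_ID}/oauth2/v2.0/token", body


def id_token_claims(id_token: str) -> dict:
    """Decode the ID token payload (base64url, unpadded). Signature validation
    against the tenant JWKS and iss/aud/nonce checks are required in production."""
    payload = id_token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def match_user(claims: dict, lucca_emails: list) -> Optional[str]:
    """Step 2 note: pair the Azure AD email with exactly one Lucca user email.
    Case-insensitive; a missing claim or an ambiguous match yields None."""
    email = (claims.get("email") or "").strip().lower()
    if not email:
        return None
    hits = [e for e in lucca_emails if e.strip().lower() == email]
    return hits[0] if len(hits) == 1 else None
```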
Step 3: Lucca configuration
Please send us the following information (collected in step 1) via our online form:
- Directory ID
- Application ID
- The saved client secret