Background information
OAuth 2.0 and SAML 2.0 protocols are available to interface with Azure AD.
The following document provides the information required for setting up Single Sign-On between Azure AD and LUCCA solutions using the OAuth 2.0 protocol.
For the SAML 2.0 protocol, you can refer to the following help page (only available with PREMIUM Azure AD subscriptions): SAML 2.0 protocol SSO
Prerequisites
- Subscription to the LUCCA SSO option
- Azure AD users all have a unique email address
- Retrieving the following information from the LUCCA teams: the login URL and the response (redirect) URL
Step 1: Creating an OAuth 2.0 application
1. From the Azure Active Directory management interface, in the App registrations tab, click on New registration.
2. Enter the following information: the application name (this value can be customised), the supported account type, and the redirect URL supplied by LUCCA’s teams. Then click Register.
3. From the overview, save both the application ID and directory ID.
4. From the Branding tab, enter the login URL provided by LUCCA’s teams.
5. From the Certificates & secrets tab, click on New client secret, then enter a description and an expiration date (in the example: ‘Never’). Lastly, click on Add and save the generated key: it is only displayed once.
Step 2: Authorise users to access the application
In the Enterprise applications tab, you will find the OAuth 2.0 application created for LUCCA. Assign access to it for every user who will be using the LUCCA solutions.
For your information, LUCCA’s authentication service will match the user email address (unique login) provided by Azure AD with the professional email field in LUCCA’s user files.
Consequently, Azure AD’s work email addresses should be integrated into the LUCCA solutions.
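The email matching described above is the usual failure point: a user whose Azure AD email is missing, duplicated, or absent from the LUCCA professional email field will not be matched after login. The following pre-flight check is an added example, not part of this help page or of LUCCA's tooling; it assumes the Azure AD export exposes a `mail` attribute and the LUCCA export a `professional_email` field, and both inputs below are constructed samples.

```python
"""Pre-flight check for the Azure AD -> LUCCA email matching.

Assumption: Azure AD users are exported with a 'mail' attribute and LUCCA
users with a 'professional_email' field. Both lists below are constructed.
"""
from collections import Counter

# Constructed sample exports (not real directory data).
AZURE_AD_USERS = [
    {"upn": "a.martin@example.com", "mail": "a.martin@example.com"},
    {"upn": "b.dupont@example.com", "mail": "B.Dupont@example.com"},  # case differs
    {"upn": "c.leroy@example.com", "mail": ""},                       # no mail set
    {"upn": "d.roux@example.com", "mail": "a.martin@example.com"},    # duplicate mail
]
LUCCA_USERS = [
    {"name": "A. Martin", "professional_email": "a.martin@example.com"},
    {"name": "B. Dupont", "professional_email": "b.dupont@example.com"},
    {"name": "E. Petit", "professional_email": "e.petit@example.com"},  # no Azure account
]


def normalize(email):
    """Compare addresses case-insensitively and ignore stray whitespace."""
    return email.strip().lower()


def check_sso_readiness(azure_users, lucca_users):
    """Return the problems that would block or misroute the SSO email match."""
    azure_mails = [normalize(u["mail"]) for u in azure_users if u.get("mail")]
    counts = Counter(azure_mails)
    lucca_mails = {normalize(u["professional_email"]) for u in lucca_users
                   if u.get("professional_email")}
    return {
        # Prerequisite: every Azure AD user must carry a unique email address.
        "azure_without_mail": sorted(u["upn"] for u in azure_users if not u.get("mail")),
        "azure_duplicate_mail": sorted(m for m, n in counts.items() if n > 1),
        # Azure AD users with no LUCCA record cannot be matched after login.
        "azure_not_in_lucca": sorted(set(azure_mails) - lucca_mails),
        # LUCCA users whose professional email has no Azure AD account cannot sign in.
        "lucca_not_in_azure": sorted(lucca_mails - set(azure_mails)),
    }


if __name__ == "__main__":
    for issue, items in check_sso_readiness(AZURE_AD_USERS, LUCCA_USERS).items():
        print(f"{issue}: {items or 'none'}")
```

Run it against real exports before sending the form in step 3; every non-empty list is a user who will not be able to sign in through SSO.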
Step 3: Setting up LUCCA
Using our online form, please send the following information from step 1:
- directory ID
- application ID
- saved key