SSO Azure Active Directory (OAuth 2.0)

Background information

OAuth 2.0 and SAML 2.0 protocols are available to interface with Azure AD.

The following document provides the information required for setting up Single Sign-On between Azure AD and LUCCA solutions using the OAuth 2.0 protocol.

For the SAML 2.0 protocol, you can refer to the following help page (only available with PREMIUM Azure AD subscriptions): SAML 2.0 protocol SSO

Prerequisites

  • Subscription to the LUCCA SSO option
  • Azure AD users all have a unique email address
  • The following information, obtained from the LUCCA teams: login URL, response URL

Step 1: Creating an OAuth 2.0 application

1. From the Azure Active Directory management interface, in the App registrations tab, click on New registration.

2. Enter the following information: Application name (this value can be customised), supported account type and Redirect URL supplied by LUCCA’s teams. Then click Register.

3. From the overview, save both the application ID and directory ID.

4. From the Branding tab, enter the login URL provided by LUCCA’s teams.

5. From the Certificates & secrets tab, click on New client secret, then enter a description and expiration date (in the example: ‘Never’). Lastly, click on Add.

If you choose to generate a key with a limited validity period, provide the Lucca help desk with the new key before the current one expires to avoid any service interruption.

Then save the generated key.
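
Added example (not part of the original LUCCA page): a Python check that supports the expiry reminder above by listing client secrets that have expired, are close to expiry, or have a very long lifetime. It assumes the secrets were exported as JSON with `az ad app credential list --id <application ID>` (Microsoft Graph fields keyId, displayName, endDateTime); the sample data, the 30-day warning window and the 730-day review threshold are constructed for illustration.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample in the shape of Microsoft Graph passwordCredential objects.
SAMPLE = """[
 {"keyId": "00000000-0000-0000-0000-000000000001", "displayName": "lucca-sso-2023",
  "endDateTime": "2025-01-01T00:00:00Z"},
 {"keyId": "00000000-0000-0000-0000-000000000002", "displayName": "lucca-sso-2024",
  "endDateTime": "2025-02-01T00:00:00Z"},
 {"keyId": "00000000-0000-0000-0000-000000000003", "displayName": "lucca-sso-2025",
  "endDateTime": "2025-12-31T23:59:59.1234567Z"},
 {"keyId": "00000000-0000-0000-0000-000000000004", "displayName": null,
  "endDateTime": "2299-12-31T00:00:00Z"}
]"""

def parse_graph_time(value):
    """Parse a Graph timestamp (UTC assumed), ignoring fractional seconds and suffix."""
    match = re.match(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}", value)
    if not match:
        raise ValueError(f"unrecognised timestamp: {value!r}")
    parsed = datetime.strptime(match.group(0), "%Y-%m-%dT%H:%M:%S")
    return parsed.replace(tzinfo=timezone.utc)

def classify(credentials, now, warn_days=30, review_days=730):
    """Return (name, status, days_remaining) for each client secret."""
    findings = []
    for cred in credentials:
        # Secrets created without a description have no displayName; use the key ID.
        name = cred.get("displayName") or cred["keyId"]
        remaining = (parse_graph_time(cred["endDateTime"]) - now).days
        if remaining < 0:
            status = "expired"           # SSO with this key no longer works
        elif remaining <= warn_days:
            status = "rotate-now"        # create a new key and send it to the help desk
        elif remaining > review_days:
            status = "review-lifetime"   # e.g. keys created with a 'Never' expiry
        else:
            status = "ok"
        findings.append((name, status, remaining))
    return findings

if __name__ == "__main__":
    for name, status, days in classify(json.loads(SAMPLE), datetime.now(timezone.utc)):
        print(f"{status:16} {name} ({days} days remaining)")
```
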

Step 2: Authorise users to access the application

In the Enterprise applications tab, you will find the OAuth 2.0 application created for LUCCA. Assign the required rights to the users who will use the LUCCA solutions.

For your information, LUCCA’s authentication service will match the user email address (unique login) provided by Azure AD with the professional email field in LUCCA’s user files.

Consequently, the users’ Azure AD work email addresses should be entered in the LUCCA solutions.

Step 3: Setting up LUCCA

Using our online form, please send the following information from step 1:

  • directory ID
  • application ID
  • saved key
