Before you get started
Two authentication protocols are supported with Google Identity Platform: OAuth 2.0 and SAML 2.0. This document provides the information needed to set up single sign-on between Google Identity Platform and LUCCA solutions via the SAML 2.0 protocol.
Here is the help page for implementing the OAuth 2.0 protocol.
Step 1: Creating the configuration in Lucca
This operation must be performed by an administrator or a user with access to the "Authentication and SSO parameters" module.
1. Activate the appropriate authentication method depending on the protocol (OAuth 2.0, SAML 2.0, ...) and your IdP.
2. Collect the following information from the “Lucca service provider information” section. This example uses the SAML 2.0 protocol, but the same section applies to the other protocols:
- Your connection URL;
- Your response URL;
- Your metadata URL (SAML 2.0 only);
- Your Lucca identifier (SAML 2.0 only).
Step 2: Creating a SAML 2.0 application
1. From the Google Admin interface (administrator rights required), select Applications.
2. Click on SAML Applications, then on the + button at the bottom right of the screen to add a new application.
3. Select Configure my customized application.
4. Download the IdP metadata file.
5. Give the application an explicit name (this will be the name displayed in the Google menu).
You can download the LUCCA logo at the following URL:
https://design.lucca.fr/shared/lucca-256x256.png
6. Enter the information obtained from the LUCCA interface. To do this, fill in:
- the ACS URL (Google side) with the Response URL (Lucca side);
- the entity ID (Google side) with the Lucca identifier (Lucca side);
- the startup URL (Google side) with the connection URL (Lucca side).
7. Select the Signed response box and enter the name ID and name ID format as shown.
8. Then click on Add a new mapping.
Application attribute to enter:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
In the mapping, select General information and Primary email address as the source of this attribute.
9. If all data has been entered correctly, the following message appears.
Once the application has been created, it needs to be activated for all users.
Note: activation may take several hours.
Step 3: Setting up LUCCA
This operation must be performed by an administrator or a user with access to the "Authentication and SSO parameters" module.
Once the configuration has been completed in your Google management interface, you need to return to Lucca's authentication settings to integrate the metadata URL or, if applicable, the IdP file downloaded in step 2.
By default, the standard signature and encryption parameters are activated. These parameters can be modified if you have a specific configuration.
Once this information has been entered and saved, you can activate the SSO connection as soon as you are ready:
Once login via SSO has been activated, you can disable the Lucca login page (which lets employees sign in with their Lucca login and a personal password) by deactivating the "Lucca login/password login" option.