SSO Google (SAML 2)

Before you get started

We support the 2 authentication protocols OAuth 2.0 and SAML 2.0 for Google Identity Platform. The following document provides the necessary information to set up a single sign-on between Google Identity Platform and LUCCA solutions via the SAML 2.0 protocol.

Here is the help page for implementing the OAuth 2.0 protocol.

Step 1: Creating the configuration in Lucca

This operation must be performed by an administrator or a user with access to the "Authentication and SSO parameters" module.


1. Activate the Google SAML 2.0 authentication method.


2. Retrieve your connection and response URLs

3. Retrieve your Lucca identifier in the "Lucca service provider information" section.

Step 2: Creating a SAML 2.0 application

1. From the Google Admin interface (administrator rights required), select Applications.


2. Click on SAML Applications. then on the + button at the bottom right of the screen to add a new application.


3. Select Configure my customized application.


4. Download the IdP metadata file.


5. Give the application an explicit name (this will be the name displayed in the Google menu).

You can download the LUCCA logo at the following URL:


6. Enter the information obtained from the LUCCA interface: the ACS URL, the establishment ID and the start URL.

7. Select the Signed response box and enter the name ID and name ID format as shown.


7. Then click on Add a new mapping.

Application attribute to enter:

General information and Primary email address can be selected.


8. If all data has been entered correctly, the following message appears.


Once the application has been created, it needs to be activated for all users.

Note: activation may take several hours.

Step 3: Configuring LUCCA

This operation must be performed by an administrator.

Once the configuration has been completed in your Google management interface, you need to return to Lucca's authentication settings to integrate the metadata URL or, if applicable, the IdP file downloaded in step 2.


By default, the standard signature and encryption parameters are activated. These parameters can be modified if you have a specific configuration.

Once this information has been entered and saved, you can activate the SSO connection as soon as you are ready:


Once the login via SSO has been activated, you can deactivate the ability for employees to access the Lucca login page which allows your employees to log in with their Lucca login and a personalized password, by deactivating the "Lucca login/password login".

Page content

Was this article helpful?
2 out of 2 found this helpful