SSO Azure Active Directory (SAML 2.0)

Introduction

Both the OAuth 2.0 and SAML 2.0 protocols can be used to interface with Azure AD.

This article describes the steps to implement SSO between Azure AD and Lucca applications with the SAML 2.0 protocol (only for Azure AD Premium).

For the OAuth 2.0 protocol, see the article SSO Azure AD with OAuth 2.0 protocol.

Requirements

  • Subscribe to the Lucca SSO option
  • Collect the following information provided by Lucca: the Metadata URL

Step 1: SAML 2.0 application creation

1. From the Azure AD configuration interface, click the Enterprise applications tab.

2. Click New application.

3. Select Non-gallery application, fill in a description for the application (e.g. Lucca), then click Add.

4. Select the SAML protocol.

5. Upload the metadata file (downloaded from the metadata URL provided by the Lucca team), then save the configuration generated by default.


6. Edit User Attributes & Claims so that a single attribute (email address or login) is sent in the SAML token. The Lucca Service Provider matches this attribute against the email address or login field in Lucca.

Then note the App Federation Metadata Url.

7. (optional) You can change the SAML signing policy: sign the SAML Assertion and/or the SAML Response (only the SAML Assertion is signed by default).
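The script below is an added example, not part of this article and not Lucca's or Microsoft's code. It parses a constructed copy of the document served at the App Federation Metadata Url (entityID, SSO endpoints, signing certificate) and inspects a constructed SAML Response to confirm it matches what steps 5 to 7 configured: the issuer is the tenant from the metadata, the Signature sits on the Assertion and/or the Response as chosen, and exactly one attribute (here Azure AD's default email address claim) is present. The tenant id, certificate and signature values are placeholders; the checks are structural only and do not replace the cryptographic signature verification performed by the Service Provider.

```python
# Added example (not Lucca's or Microsoft's code): parse constructed Azure AD
# federation metadata and check a constructed SAML Response against the
# configuration chosen in steps 5-7. Structural checks only; signature
# validation against the certificate is left to the Service Provider library.
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Azure AD's default email claim name; the tenant id is a placeholder.
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
IDP_ENTITY_ID = "https://sts.windows.net/TENANT-ID-PLACEHOLDER/"

# Constructed sample of the document served at the App Federation Metadata Url.
IDP_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="{IDP_ENTITY_ID}">
  <IDPSSODescriptor protocolSupportEnumeration="{NS['samlp']}">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
      <X509Certificate>  MIIC-CERTIFICATE-
        PLACEHOLDER  </X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed sample Response matching the Azure AD default of step 7:
# Assertion signed, Response unsigned, one attribute carrying the email address.
SAML_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}" ID="_r1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <ds:Signature><ds:SignatureValue>SIGNATURE-PLACEHOLDER</ds:SignatureValue></ds:Signature>
    <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="{EMAIL_CLAIM}">
        <saml:AttributeValue>jane.doe@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def parse_idp_metadata(xml_text):
    """Extract what the SP needs from IdP metadata: entityID, SSO endpoints, signing cert."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    cert = idp.find("md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    sso = {s.get("Binding").rsplit(":", 1)[1]: s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    # Certificates in metadata are often line-wrapped; normalise to one base64 string.
    return {"entity_id": root.get("entityID"), "sso": sso, "signing_cert": "".join(cert.text.split())}


def inspect_response(xml_text):
    """Report where the Signature elements sit and which attributes the Assertion carries."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no plaintext Assertion (encrypted assertions are not handled here)")
    attrs = {a.get("Name"): [v.text or "" for v in a.findall("saml:AttributeValue", NS)]
             for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return {
        "issuer": (root.findtext("saml:Issuer", namespaces=NS) or "").strip(),
        "response_signed": root.find("ds:Signature", NS) is not None,  # direct child only
        "assertion_signed": assertion.find("ds:Signature", NS) is not None,
        "name_id": assertion.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "attributes": attrs,
    }


def check_against_config(info, idp, expected_attribute, signing_policy):
    """List mismatches between a Response and the configuration reported in step 3.
    signing_policy is 'assertion' (Azure AD default), 'response' or 'both'."""
    problems = []
    if info["issuer"] != idp["entity_id"]:
        problems.append(f"issuer {info['issuer']!r} does not match the metadata entityID")
    if signing_policy in ("assertion", "both") and not info["assertion_signed"]:
        problems.append("policy requires a signed Assertion but it is unsigned")
    if signing_policy in ("response", "both") and not info["response_signed"]:
        problems.append("policy requires a signed Response but it is unsigned")
    names = list(info["attributes"])
    if names != [expected_attribute]:
        problems.append(f"expected exactly one attribute {expected_attribute!r}, got {names}")
    elif info["attributes"][expected_attribute] == [""] or len(info["attributes"][expected_attribute]) != 1:
        problems.append("the matching attribute must carry exactly one non-empty value")
    return problems


if __name__ == "__main__":
    idp, info = parse_idp_metadata(IDP_METADATA), inspect_response(SAML_RESPONSE)
    print("POST endpoint:", idp["sso"]["HTTP-POST"])
    print("default policy:", check_against_config(info, idp, EMAIL_CLAIM, "assertion"))
    print("both signed   :", check_against_config(info, idp, EMAIL_CLAIM, "both"))
```

Running the script against the constructed samples reports no problem for the default policy (Assertion only) and one problem when "both" is requested, since the sample Response carries no Signature of its own. Point `check_against_config` at a real Response captured from a browser's SAML trace (the login flow's POST to the Lucca Service Provider) to confirm the attribute name and signing policy before filling in the step 3 form.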

Step 2: Authorize users to access the new application

In the Enterprise applications tab, you will find the SAML 2.0 application created for Lucca. Grant access to it for the users who will use Lucca.

Step 3: Lucca configuration

Please send us the following information via our online form (see step 1):

- App Federation Metadata Url

- The Lucca field that matches the Azure AD attribute sent in the SAML token: email address or login

- SAML Signing Policy
