Azure AD can be integrated through either the OAuth 2.0 or the SAML 2.0 protocol.
This article describes the steps to set up SSO between Azure AD and the Lucca applications with the SAML 2.0 protocol (available only with Azure AD Premium).
For the OAuth 2.0 protocol, see the article: SSO Azure AD with OAuth 2.0 protocol
- Subscribe to the Lucca SSO option
- Collect the following information provided by Lucca: the metadata URL
Step 1: SAML 2.0 application creation
1. From the Azure AD configuration interface, click the Enterprise applications tab.
2. Click New application.
3. Select Non-gallery application, fill in a description for the application (e.g. Lucca), then click Add.
4. Select the SAML protocol.
5. Upload the metadata file (downloaded from the metadata URL provided by the Lucca team), then save the configuration generated by default.
6. Edit User Attributes & Claims so that a single attribute (email address or login) is sent in the SAML token. The Lucca Service Provider matches this attribute against the user's email address or login field in Lucca.
Then note the App Federation Metadata Url.
7. (optional) You can change the SAML signing policy: sign the SAML Assertion and/or the SAML Response (only the SAML Assertion is signed by default).
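As an added example (not Lucca's or Microsoft's code), the Python helper below inspects a SAML Response the way the Lucca Service Provider receives it, so an administrator can confirm that steps 6 and 7 produced what will be declared in the Lucca form: exactly one attribute in the token, and the chosen signing policy. It does not verify the XML signatures themselves (that requires an xmlsec-backed library); it only reports which elements carry one, which attributes the assertion contains, and whether that matches the expected configuration. The sample response, tenant ID, ACS URL and user values are constructed placeholders; the emailaddress claim name is the one Azure AD emits by default.

```python
"""Inspect a SAML 2.0 Response before enabling SSO (hypothetical helper)."""
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"


def decode_post_binding(saml_response_param: str) -> str:
    """The HTTP-POST binding carries the XML base64-encoded in the SAMLResponse form field."""
    return base64.b64decode(saml_response_param).decode("utf-8")


def inspect_saml_response(xml_text: str) -> dict:
    """Report status, signature placement and attributes of a samlp:Response.

    Signatures are only located, not cryptographically verified.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise ValueError(f"not a samlp:Response: {root.tag}")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError(f"expected exactly one Assertion, found {len(assertions)}")
    assertion = assertions[0]
    # find() with a single step matches direct children only, so the Response-level
    # lookup does not pick up a Signature nested inside the Assertion.
    attributes = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        attributes[attr.get("Name")] = [
            v.text or "" for v in attr.findall("saml:AttributeValue", NS)
        ]
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    return {
        "status": status.get("Value") if status is not None else None,
        "issuer": root.findtext("saml:Issuer", default=None, namespaces=NS),
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertion_signed": assertion.find("ds:Signature", NS) is not None,
        "name_id": assertion.findtext("saml:Subject/saml:NameID", default=None, namespaces=NS),
        "attributes": attributes,
    }


def signing_policy(info: dict) -> str:
    """Name the policy the way step 7 describes it."""
    if info["assertion_signed"] and info["response_signed"]:
        return "Assertion and Response"
    if info["assertion_signed"]:
        return "Assertion"
    if info["response_signed"]:
        return "Response"
    return "unsigned"


def check_against_form(info: dict, expected_attribute: str, expected_policy: str) -> list:
    """Return the mismatches between the observed token and what the Lucca form declares."""
    problems = []
    if info["status"] != SUCCESS:
        problems.append(f"status is {info['status']}, not Success")
    if len(info["attributes"]) != 1:
        problems.append(f"token carries {len(info['attributes'])} attributes; exactly one is expected")
    elif expected_attribute not in info["attributes"]:
        problems.append(f"attribute {expected_attribute} is missing from the token")
    observed = signing_policy(info)
    if observed != expected_policy:
        problems.append(f"signing policy is '{observed}', form declares '{expected_policy}'")
    return problems


# Constructed sample: assertion signed only (the Azure AD default), one email attribute.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp-constructed-1"
    Version="2.0" IssueInstant="2024-01-01T00:00:00Z" Destination="https://example.invalid/saml/acs">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_assert-constructed-1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo/><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject><saml:NameID>jane.doe@example.invalid</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>jane.doe@example.invalid</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_POST_PARAM = base64.b64encode(SAMPLE_RESPONSE.encode("utf-8")).decode("ascii")

if __name__ == "__main__":
    info = inspect_saml_response(decode_post_binding(SAMPLE_POST_PARAM))
    print("signing policy:", signing_policy(info))
    print("attributes:", list(info["attributes"]))
    print("problems:", check_against_form(info, EMAIL_CLAIM, "Assertion"))
```

Run it against a real SAMLResponse captured from the browser's developer tools during a test login: the values it prints are exactly the ones to enter in the Lucca form in step 3, and any reported problem means the Azure AD claims or signing settings still differ from what Lucca will be told to expect.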
Step 2: Authorize users to access the new application
From the Enterprise applications tab, open the SAML 2.0 application created for Lucca and grant access to the future Lucca users.
Step 3: LUCCA configuration
Please send us the following information via our online form (see step 1):
- App Federation Metadata Url
- Lucca field that matches the Azure AD attribute sent in the SAML token: email address or login
- SAML signing policy