OneLogin SAML and SCIM Integration

Integrating Lucidchart with OneLogin enables your users to securely authenticate using SAML single sign-on through OneLogin. Our SCIM integration allows admins to create users and delete users within OneLogin itself, without having to sign in to Lucidchart. The following tutorial walks through the process of integrating OneLogin with Lucidchart. This feature is only available to Enterprise accounts. Please see our pricing page to upgrade or contact our sales team.

You will need admin privileges in both Lucidchart and OneLogin to complete this process.

  1. Log in to OneLogin and navigate to 'Apps' > 'Add Apps' in the top menu.


  2. Search for 'Lucidchart' and select the Lucidchart SAML2.0 application.


  3. Select 'Save' on the 'Add Lucidchart' page to add Lucidchart to your OneLogin apps.


  4. After adding the application, select the Lucidchart 'Configuration' tab in OneLogin, enter your domain, and select 'Save'. Be sure to enter the domain only, not a full URL. The Lucidchart SAML integration uses your domain to generate a Lucidchart sign-in URL that maps to OneLogin. For example, if you enter 'acme.com' as your domain, the mapped endpoint URL will be 'www.lucidchart/saml/sso/acme.com'.

  5. Navigate to the Lucidchart 'SSO' in OneLogin and set the '' to 'SHA-256'. Select 'Save'.


  6. Select 'More Actions' > 'SAML Metadata' on the Lucidchart app page in OneLogin to download the OneLogin SAML metadata. OneLogin will generate an XML file that we will insert in Lucidchart.


  7. Log in to your Lucidchart account and navigate to 'Team' > 'App Integration' > 'SAML'.


  8. Check the box to enable SAML for your account.

  9. Enter your domain under 'Lucidchart Sign in URL' to generate the SAML endpoint in Lucidchart. This should match the domain entered into OneLogin in step 4. Select 'Save changes'.


  10. Select 'Add Identity Provider'.


  11. Enter 'OneLogin' as the 'Identity Provider Name' and paste the XML data from OneLogin into the text area. Select 'Add Provider'.


    Now you will see the OneLogin connection listed under 'Identity Providers'.


Now you can use SAML to log in to your Lucidchart account and you can assign users the Lucidchart app in OneLogin. If you want to test the connection, open up a new browser session (use an incognito or private browsing window) and go to the Lucidchart Sign-in URL (SP initiated URL) found in the OneLogin configuration under 'Identity Providers' in Lucidchart. You should be redirected to OneLogin. Once you enter your credentials (and you've been assigned to Lucidchart in OneLogin), you should be directed to the Lucidchart Documents Page.
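To confirm during the test above that the SHA-256 setting from step 5 took effect, you can inspect the SAMLResponse form field posted back to Lucidchart (visible in the browser's developer tools). The script below is an added example, not Lucidchart or OneLogin code; it assumes the HTTP-POST binding (base64-encoded XML) and RSA signing, and its sample responses are constructed and abbreviated.

```python
import base64
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Algorithm URIs expected once the app is set to SHA-256 (RSA signing assumed).
EXPECTED = {
    "SignatureMethod": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "DigestMethod": "http://www.w3.org/2001/04/xmlenc#sha256",
}


def audit_saml_response(b64_response):
    """Return findings for a base64 SAMLResponse; empty list means SHA-256 only.

    This inspects declared algorithms only; it does not verify the signature.
    """
    xml_bytes = base64.b64decode(b64_response)
    # ElementTree expands internal entities, so refuse any DTD before parsing.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        return ["DTD present; refusing to parse"]
    root = ET.fromstring(xml_bytes)
    if root.find(".//" + DS + "Signature") is None:
        return ["no ds:Signature element; nothing is signed"]
    findings = []
    for tag, expected in EXPECTED.items():
        for elem in root.iter(DS + tag):
            alg = elem.get("Algorithm", "")
            if alg != expected:
                label = "SHA-1" if alg.endswith("sha1") else "unexpected"
                findings.append("%s uses %s algorithm: %s" % (tag, label, alg))
    return findings


def sample_response(sig_alg, digest_alg):
    """Constructed, abbreviated response; real ones carry values and an assertion."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature><ds:SignedInfo>'
        '<ds:SignatureMethod Algorithm="%s"/><ds:Reference URI="#placeholder">'
        '<ds:DigestMethod Algorithm="%s"/></ds:Reference>'
        '</ds:SignedInfo></ds:Signature></samlp:Response>'
    ) % (sig_alg, digest_alg)
    return base64.b64encode(xml.encode("utf-8"))


if __name__ == "__main__":
    sha1 = "http://www.w3.org/2000/09/xmldsig#"
    print(audit_saml_response(sample_response(sha1 + "rsa-sha1", sha1 + "sha1")))
    print(audit_saml_response(sample_response(*EXPECTED.values())))
```

If the audit reports SHA-1 after step 5 was saved, re-download the SAML metadata and re-add the identity provider so both sides agree on the current settings.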

In order to have SCIM set up on your account, you must:

  • Have the Lucidchart OneLogin application installed and SAML enabled (see 'OneLogin SAML Set Up').
  • Be part of an Enterprise subscription with an up-to-date pricing plan and enable automatic upgrade. To check your subscription level, navigate to your account settings by selecting your username in the top right of Lucidchart, then selecting 'Account settings' and 'Subscription level'. Select 'Automatically upgrade team to larger size when licenses exceed team size' under 'License Allocation'.


  1. Log in to your Lucidchart account and navigate to 'Team' > 'App Integrations' > 'SCIM'.


  2. Select 'Generate token'. If you are unable to generate a token, check that you are on an enterprise subscription. If you are on an enterprise subscription but still can't generate a token, contact your Customer Success Manager or support@lucidchart.com.


  3. Log in to OneLogin, navigate to 'Apps' > 'Company Apps', and select the Lucidchart app.


  4. Navigate to the 'Configuration' tab under the Lucidchart app. Select 'Enable' and enter the 'SCIM Base URL' and the 'SCIM Bearer Token' provided by Lucidchart in step 2. Select 'Save'.


  5. Navigate to the 'Provisioning' tab under the Lucidchart app. Select 'Enable provisioning for Lucidchart' and select 'Save'.



    Now, when users are assigned the Lucidchart application in OneLogin, they will be automatically created in Lucidchart. When a user is deleted in OneLogin, the user will be deactivated in Lucidchart.