OneLogin SAML and SCIM Integration

Integrating Lucidchart with OneLogin enables your users to securely authenticate using SAML single sign-on through OneLogin. Our SCIM integration allows admins to create, provision, and deprovision users from within OneLogin itself, without having to sign in to Lucidchart. The following tutorial walks through the process of integrating OneLogin with Lucidchart. This feature is only available to Enterprise accounts. Please see our pricing page to upgrade or contact our sales team.

You will need admin privileges in both Lucidchart and OneLogin to complete this process.

  1. Log in to your OneLogin account. Go to the Apps menu at the top of the page and click “Add Apps.” Search for Lucidchart and add the app.
  2. Head to the Configuration tab. You will need to add your domain. Whatever value you specify here, you will also need to mirror in Lucidchart in Step 6.

  3. Once you’ve added the Lucidchart app to your OneLogin account and saved the basic configuration page, you can navigate to the SSO tab. Here you will need to select SHA-256 as the SAML signature algorithm.

  4. Under the “More Actions” drop-down, select the Metadata option and copy the XML code for use in Lucidchart in Step 8.

  5. Log in to your Lucidchart account and go to Team > App Integration > SAML.
  6. Check the box to enable SAML for your account.
  7. Enter your domain information in the next field. This value must match what was specified in your OneLogin instance in step 2.
  8. Paste the metadata copied from OneLogin into the field and click to save.


You should now be able to use SAML to log in to your Lucidchart account. To test this, open a new browser session (use an incognito or private browsing window) and go to the Lucidchart Sign-in URL (the SP-initiated URL; see step 5 above). You should be redirected to OneLogin. Once you enter your credentials, you should be directed to the Lucidchart Documents Page.
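
To confirm that the SHA-256 setting from step 3 took effect, you can inspect the SAMLResponse form field that OneLogin posts back during the test login above. The following is an added example, not Lucidchart or OneLogin code: the function names are hypothetical, the sample responses are constructed, and treating SHA-1 and MD5 as the weak set is an assumption.

```python
import base64
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"   # XML-DSig namespace
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
WEAK = ("sha1", "md5")   # URI substrings treated as weak here (assumption)

def signature_algorithms(saml_response_b64):
    """List (element name, Algorithm URI) declared in the response's signatures.
    HTTP-POST binding: the SAMLResponse field is base64-encoded XML."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    return [(tag, el.get("Algorithm", ""))
            for tag in ("SignatureMethod", "DigestMethod")
            for el in root.iter(DS + tag)]

def audit(saml_response_b64):
    """Return findings; an empty list means only non-weak algorithms are declared.
    This reads declared algorithms only and does not verify the signature."""
    algs = signature_algorithms(saml_response_b64)
    if not algs:
        return ["no XML signature found in response"]
    return [f"{tag} uses weak algorithm {uri}"
            for tag, uri in algs if any(w in uri.lower() for w in WEAK)]

def constructed_response(sig_uri, digest_uri):
    """Build a minimal, constructed SAMLResponse (not a real capture)."""
    xml = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:Signature><ds:SignedInfo>
        <ds:SignatureMethod Algorithm="{sig_uri}"/>
        <ds:Reference URI="#_constructed">
          <ds:DigestMethod Algorithm="{digest_uri}"/>
        </ds:Reference>
      </ds:SignedInfo></ds:Signature>
    </samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    for label, resp in (("SHA-256", constructed_response(RSA_SHA256, SHA256)),
                        ("SHA-1", constructed_response(RSA_SHA1, SHA1))):
        print(label, audit(resp) or "OK")
```

To use it on a real login, copy the SAMLResponse value from the browser's network tools and pass it to `audit`; an empty result means the signature and digest methods both declare SHA-256 or stronger.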

In order to have SCIM set up on your account, you must:

  1. Log in to your Lucidchart account as an account owner and go to your Account settings page. Click on “Subscription Level” to double check that you are on an Enterprise subscription.

  2. Once you’re on the Subscription Level page, make sure the auto-upgrade option is checked. This setting is required for SCIM provisioning and deprovisioning to work.
  3. Navigate to Team > App Integrations > SCIM.

  4. Return to OneLogin and log in as an administrator. Click on the Apps menu found at the top of the page, and search for Lucidchart SCIM.
  5. Once you’ve installed the Lucidchart SCIM app on OneLogin, go to the Configuration tab under the app. You can now reference the SCIM page on Lucidchart and paste in the bearer token and base URL.

  6. Go to the Rules tab and ensure the user role is properly set up to grant Lucidchart edit access to anyone who is a member of that role. Select “Set User can edit charts” and “Yes - Licensed user” in order to grant the user edit access when they are provisioned into that role.

  7. Go to the Provisioning tab to ensure that you are set up to enable provisioning for Lucidchart SCIM.

