Okta SAML and SCIM Integration

Integrating Lucidchart with Okta enables your users to authenticate using SAML single sign-on through Okta. Furthermore, our SCIM integration allows admins to create, provision, and deprovision users within Okta itself, without having to sign in to Lucidchart. The following tutorial walks through the process of integrating Okta with Lucidchart. You will need admin privileges in both Okta and Lucidchart to complete this integration.

These features are only available to Enterprise accounts. To upgrade your account, check out our pricing page or contact our sales team.

  1. To get started, first add Lucidchart to your Okta Application Network and generate the Okta metadata for Lucidchart. Log in to Okta and select the blue “Admin” button in the top right corner of the dashboard.

  2. Select “Add Applications” from the shortcut menu on the right side of the admin dashboard.

  3. Search for Lucidchart in the applications search bar and select “Add” on the Lucidchart application.

  4. Enter your domain on the General Settings page and select “Next” in the bottom right. Be sure to only enter your domain, not a full URL.

  5. Navigate to the "Assign to People" page and assign Lucidchart to your entire organization by choosing “Select All.” Then select “Next.”

Note: This will not automatically provision users within Lucidchart.

  6. The page you are directed to simply confirms that the Okta username will be used to authenticate users into Lucidchart. Select “Done” to finish adding the app.
  7. Now Lucidchart has been added to your Okta Application Network. Next, you need to retrieve the Okta metadata to link your Lucidchart and Okta accounts. After you add the application, Okta will direct you to the People settings page for the newly added Lucidchart application. Select “Sign On” to complete the integration.

  1. From the Applications menu, click on the Lucidchart app to view the settings.
  2. On the Sign-On Options page, change the selection from "Secure Web Authentication" to "SAML 2.0."

  3. With SAML 2.0 selected, click “View Setup Instructions” to access the Okta metadata. This metadata instructs Lucidchart on how to communicate with Okta.

  4. Okta will open a new page that includes the Lucidchart metadata. Copy all of the code found under step 2 of the Instructions page.

  5. Now use the Okta metadata to configure the SAML integration in Lucidchart. To start, open up a second browser tab, log in to your Lucidchart account, and select “Team” at the top of the screen.

  6. Navigate to the “App Integration” panel.

  7. Select “SAML” on the integrations page.

  8. Select “Enable SAML Integration.”
  9. Enter your account domain in the Domain field under the Lucidchart Sign in URL section. Be sure to enter just the domain, not a full URL.

  10. In the Identity Provider Metadata section, paste the Okta metadata into the text box and select “Save changes.”
  11. Now your Lucidchart account will support SAML single sign-on authentication through Okta.

Lucidchart Prerequisites:

  • Must be part of an Enterprise subscription on an up-to-date pricing plan. To upgrade, please see our pricing page.
  • Must have "auto-upgrades" turned on. To enable "auto-upgrade," go to Team > Licensing.

  1. From the top of the page, select Team > App Integration > SCIM.

  2. Click the “Generate token” button to create a unique code that is shared between Lucidchart and Okta. Copy the bearer token to your clipboard.

  3. Return to Okta and log in as an administrator. In the Admin area, go to the Applications menu and click on the Lucidchart application.

  4. Select the checkbox “Enable provisioning features.”

  5. Paste the bearer token you generated in Lucidchart into the API Token field. Click “Test API Credentials” to validate the connection. Select the integration points you would like to enable.

  6. Here's the entire provisioning process in action. This video demonstrates the following:
  • Create a new group called Software Engineering.
  • Make Lucidchart a default application for the Software Engineering Group.
  • Add two users in Okta to the Software Engineering group.
  • Watch those two users appear as created, licensed accounts within Lucidchart.
