Okta SAML and SCIM Integration

Integrating Lucidchart with Okta enables your users to authenticate using SAML single sign-on through Okta. Furthermore, our SCIM integration allows admins to create, provision, and deprovision users within Okta itself, without having to sign in to Lucidchart. The following tutorial walks through the process of integrating Okta with Lucidchart. You will need admin privileges in both Okta and Lucidchart to complete this integration.

These features are only available to Enterprise accounts. To upgrade your account, check out our pricing page or contact our sales team.

  1. To get started, first add Lucidchart to your Okta Application Network and generate the Okta metadata for Lucidchart. Log in to Okta and select the blue “Admin” button in the top right corner of the dashboard.

  2. Select “Add Applications” from the shortcut menu on the right side of the admin dashboard.

  3. Search for "Lucidchart" in the applications search bar and select “Add” on the Lucidchart application.

  4. Enter your domain on the General Settings page and select “Next” in the bottom right. Be sure to only enter your domain, not a full URL.

  5. From the Applications menu, click on the Lucidchart app to view the settings.
  6. On the Sign-On Options page, change the selection from "Secure Web Authentication" to "SAML 2.0." Change the Application User Name format to "Email."

  7. With SAML 2.0 selected, click “Identity Provider metadata” to access the Okta metadata. This metadata instructs Lucidchart on how to communicate with Okta.

  8. Okta will open a new page that includes the Lucidchart metadata. Copy the metadata. Do not grab the header, only the elements contained within the XML code.
  9. Now use the Okta metadata to configure the SAML integration in Lucidchart. To start, open up a second browser tab, log in to your Lucidchart account, and select “Team” at the top of the screen.

  10. Navigate to the “App Integration” panel.

  11. Select “SAML” on the integrations page.

  12. Select “Enable SAML Integration.”

  13. Enter your account domain in the Domain field under the Lucidchart Sign in URL section. Be sure to enter just the domain, not a full URL. This must match what you put in the Okta application General Settings page.

  14. In the Identity Provider Metadata section, paste the Okta metadata into the text box and select “Save changes.”

  15. Now your Lucidchart account will support SAML single sign-on authentication through Okta.

Lucidchart Prerequisites:

  • Must be part of an Enterprise subscription on an up-to-date pricing plan. To upgrade, please see our pricing page.
  • Must have "auto-upgrades" turned on. To enable "auto-upgrade," go to Team > Licensing.

  1. From the top of the page, select Team > App Integration > SCIM.

  2. Click the “Generate token” button to create a unique code that is shared between Lucidchart and Okta. Copy the bearer token to your clipboard.

  3. Return to Okta and log in as an administrator. In the Admin area, go to the Applications menu and click on the Lucidchart application.

  4. Select the checkbox “Enable provisioning features.”

  5. Paste the bearer token you generated in Lucidchart into the API Token field. Click “Test API Credentials” to validate the connection. Select the integration points you would like to enable.

  6. Here's the entire provisioning process in action. This video demonstrates the following:
  • Create a new group called Software Engineering.
  • Make Lucidchart a default application for the Software Engineering Group.
  • Add two users in Okta to the Software Engineering group.
  • Watch those two users appear as created, licensed accounts within Lucidchart.


Related Articles

Lucidchart and SAML
Active Directory Federation Services (ADFS) SAML Integration
Azure SAML and SCIM Integration
OneLogin SAML and SCIM Integration