Integrating Lucidchart with Azure enables your users to authenticate using SAML single sign-on through Azure. Azure also offers a SCIM connection that allows you to provision users in your IDP. The following tutorial walks through the process of integrating Azure with Lucidchart.
The Azure SAML and SCIM integration is only available to Enterprise Accounts. To upgrade, please contact our sales team.
Note: You will need admin privileges in both Azure and Lucidchart to set up this integration.
- Add the Lucidchart Enterprise application to your Azure instance.
- Select "Configure single sign-on" from the "Quick start" menu.
- Select "SAML-based Sign on" for the "Single Sign-on Mode."
- Enter "https://lucidchart.com/saml/sso/" followed by your company domain into the "Sign on URL" text field (e.g., "https://lucidchart.com/saml/sso/acme.com").
- Enter "lucidchart.com" as the "Identifier."
- Confirm that "user.userprincipalname" is the "User Identifier."
- Select "Save" at the top of the page.
- Select "Metadata XML" under the "SAML Signing Certificate" to download the IDP metadata. You will upload this file to Lucidchart in step 12.
- In Lucidchart, navigate to the Identity Management section of your Admin panel by clicking Team > Identity Management. Check the box next to “Allow SAML authentication,” then click “Save Changes.”
- On the same page, click “Configure” to navigate to your SAML activation page in Lucidchart.
- Under “Lucidchart Sign in URL,” enter your Domain name. Note: This must match what you entered in Azure in Step 2. Click “Save Changes.”
- Scroll down in the SAML Activation page of Lucidchart and click “Add Identity Provider.” Upload the .xml file that you downloaded from Azure in step 8.
- Click “Test SAML connection” to verify that Lucidchart is properly communicating with Azure. Note: The connection will only work if the Lucidchart app has been assigned to your test user in Azure. You can assign the app to users in the Assignments section of the app page.
To enable new user creation for users assigned to the application, you will need to navigate to the “Properties” tab in your Lucidchart application page within Azure. From there, scroll to the bottom of the page and toggle the “User Assignment request to Access Application” to “Off.” Then, select “Users and groups” from the “Manage” menu. Select and assign users and/or groups to access the Lucidchart application.
You can then set up Just-In-Time provisioning in the Lucidchart Licensing Settings section of your Lucidchart admin panel.
- If you would like all users to come onto your Lucidchart team with full-edit licenses, set the setting for “When a new user joins a team” to “Automatically grant license.”
- If you want all users to come in as view-only users, set the setting for “When a new user joins a team” to “Do not automatically grant.” Your users will then be able to request full-edit licenses. Depending on the “When a user requests a license” setting, you can have licenses automatically granted to users upon their request, or you can have the requests turn into pending requests in your user list.
Before configuring SCIM, you will need to do the following:
- Confirm that you are on an Enterprise account with an up-to-date pricing plan. To upgrade, please contact our sales team.
- Contact your Lucidchart Customer Success Manager so that they can enable SCIM for your account.
Once you have followed the pre-configuration steps listed above, you can configure SCIM for Lucidchart in Azure by following these steps:
- In Lucidchart, go to Team > App Integration > SCIM.
- Click “generate token.” Lucidchart will populate the “Bearer Token” text field with a unique code for you to share with Azure.
- In Azure, go to the Provisioning tab and use the Lucidchart Base URL and Bearer token to configure SCIM for the Lucidchart Azure app.
Lucidchart’s SAML integration allows users on your Lucidchart team to authenticate quickly and securely. Additionally, if you enable user provisioning, a SAML connection will create users in Lucidchart automatically upon their first login if they are assigned the Lucidchart app in your IDP.
What can I do with the Azure SCIM connection?
The Azure SCIM connection supports auto-provisioning, which means you can use SCIM to create Lucidchart users before their first login, but you cannot assign them a specific license type (e.g., full-edit vs. view-only).
What is the difference between Microsoft SSO and Azure SAML Sign-On?
Microsoft SSO and Azure SAML are both managed from the Azure portal. SAML uses the SAML 2.0 protocol, while Microsoft SSO uses OAuth 2.0 and OpenID. Generally, SAML set-ups are considered more secure because the encryption is on the transport layer (SSL).