Security Features for Enterprise Admins

Lucid cares about the security of your organization’s documents and data. As the admin of your Lucidchart enterprise account, you can customize the security settings for your account in the admin panel. You can integrate Lucidchart with your identity management solution, grant your users proper collaboration permissions, and control your account with a unique encryption key.

In the identity management section of the admin panel, you can customize your security settings in Lucidchart to match the security settings of your organization.

Sign-On Methods

In addition to allowing the traditional method of email and password logins, Lucidchart integrates with the following Single Sign-On (SSO) applications:

  • Google SSO
  • Office 365
  • SAML (Unless this SSO method is set as the default sign-on method, users will be able to log in through the SAML API but will not be able to use SAML to log in through the Lucidchart API.)

You can enable and disable different login methods by navigating to the user sign in tab of the identity management section of the admin panel and checking or unchecking the boxes next to the different sign in methods. When you have more than one method selected, users will be able to select their desired login method after typing their email address into the Lucidchart login page.

Default Sign-On

In the user sign in tab, you can also set your team’s default authentication method. This is the login method that users will encounter when they click “Next” or hit the “Enter” key after typing their email address into the Lucidchart login page. For example, the Lucidchart team has Google SSO set up as our default sign-on method, so employees will be directed to log in with Google when they click “Next” or hit “Enter.”

Restrict User Login to Whitelisted IP Addresses

If you would like your employees to only be able to log in to Lucidchart from specific locations, check this box and whitelist certain IP addresses by typing them into the field below.

Note: The restriction applies when a user logs in. It will not prevent a user from logging in from a whitelisted IP address and then moving to another address that is not whitelisted.

CIDR Notation: This feature requires CIDR notation to denote IP ranges, e.g. 192.168.2.0/24.
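A local pre-check for a list of CIDR ranges before typing them into the field, as an added example that is not part of Lucidchart or its documentation. The sample ranges are constructed from documentation address space, and the /16 breadth threshold is an assumption of this example, not a Lucidchart rule.

```python
import ipaddress

# Assumption for this example: IPv4 ranges wider than /16 are held back for review.
MIN_PREFIX_V4 = 16

def review_allowlist(entries):
    """Validate CIDR strings; return (merged networks, list of problems)."""
    nets, problems = [], []
    for raw in entries:
        text = raw.strip()
        try:
            net = ipaddress.ip_network(text, strict=True)
        except ValueError:
            try:
                # strict=False masks off host bits, so the fix can be suggested.
                fixed = ipaddress.ip_network(text, strict=False)
                problems.append(f"{text}: host bits set, did you mean {fixed}?")
            except ValueError:
                problems.append(f"{text}: not valid CIDR notation")
            continue
        if net.version == 4 and net.prefixlen < MIN_PREFIX_V4:
            problems.append(f"{text}: very broad range ({net.num_addresses} addresses)")
            continue
        nets.append(net)
    # collapse_addresses needs same-version networks, so merge v4 and v6 separately.
    merged = []
    for version in (4, 6):
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return merged, problems

def uncovered(addresses, networks):
    """Return the addresses that fall outside every allowlisted network."""
    missing = []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if not any(ip.version == n.version and ip in n for n in networks):
            missing.append(addr)
    return missing

# Constructed sample input: two overlapping ranges, one entry with host bits
# set, one overly broad range, and one entry that is not an address at all.
SAMPLE = ["203.0.113.0/24", "203.0.113.128/25", "198.51.100.77/24",
          "10.0.0.0/8", "office-vpn"]

if __name__ == "__main__":
    merged, problems = review_allowlist(SAMPLE)
    print("ranges to enter:", [str(n) for n in merged])
    print("\n".join(problems))
    print("egress IPs not covered:", uncovered(["203.0.113.200", "198.51.100.77"], merged))
```

Running `uncovered` against the addresses your offices and VPN actually egress from shows who would be locked out before the restriction is switched on.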

Password Policy

If your organization allows email and password login, you can change the settings in the Password Policy tab to increase the security of your users’ passwords.

Force Password Reset

By pressing this button, you will force a password reset for every member of your organization. When a user logs in after you do this, they will be prompted to change their password.

Domain Lockdown

Domain Lockdown is an Enterprise feature that allows you to control the security settings for users on your domain.

If you enable domain lockdown, users who attempt to sign up for a Lucidchart account will be notified that an enterprise account already exists with their given domain and they will be redirected to verify their identity. Once they have verified their identity, they will be pulled into your organization’s Lucidchart account.

The domain lockdown feature prevents users from creating unauthorized teams outside of your team account and allows you to set security standards for your entire organization.

You can select one of the following options for verifying your users’ identities.

  • Confirmation email: The user will receive an email with a confirmation link. Once they click on the link, they will be pulled into your Lucidchart account.
  • SAML authentication: This option will redirect users to your organization’s SAML instance. Once they log in successfully they will be pulled into your account.
  • Google SSO authentication: This option will redirect users to authenticate via Google SSO. Once they have successfully logged in, they will be pulled into your Lucidchart account.
  • Office 365 SSO authentication: This option will redirect your users to authenticate via their Office 365 credentials. Once they have successfully logged in, they will be pulled into your Lucidchart account.
  • Redirect to custom authentication URL: This allows users to redirect to a different SSO provider via an authentication URL.

Note: Due to the security demands of domain lockdown, you will need to click the "Contact Support" link to fill out a request form.

Lucidchart offers many different sharing options so that you can adjust your team’s sharing settings to meet your security needs. Restrict the sharing capabilities of users on your account in the “Collaboration” tile of the admin panel.

Team Sharing
As team admin, you can restrict users’ ability to share documents, images, and folders with all users on the team. To do so, navigate to the “Basic” finger tab within the collaboration section of the admin panel, then un-check the box next to “Allow users to share documents, images, and folders with all users” under "Team Management."

Image Sharing
You can determine whether or not images that users on your team upload to Lucidchart are automatically shared with the entire team. To do so, navigate to the “Basic” tab within the collaboration section of the admin panel, then select “Allow users to share specific images and folders” or “All images are shared automatically.”

Document Sharing
Don't want users on your account to be able to share their documents publicly? You can restrict their document publishing capabilities in the “Advanced” section of the collaboration tile. Simply navigate to the “Advanced” finger tab and un-check any of the following sharing options that you would like to restrict:

  • Share documents on social networks
  • Publish documents to web pages
  • Generate access link for public document sharing

Invites to Other Teams
To prevent users from being able to accept invites to move from your team to another Lucidchart team, navigate to the “Advanced” section of the collaboration tile and un-check the box next to “Accept an invite to leave your team and join another team.”

Domain Restrictions
To restrict the sharing capabilities of users on your team to emails of given domains, navigate to the “Domain Restrictions” section of the “Advanced” finger tab of the collaboration tile. Here, you can select one of the following options:

  • Do not restrict sharing by domain: When this option is selected, users will be able to share information to users on any domain.
  • Warn team members who share documents to emails outside given domains: When this option is selected, a warning message will be sent to a user whenever that user attempts to share a document outside the whitelisted domains.
  • Restrict sharing documents by domain: When this option is selected, users will only be able to share documents to people with whitelisted domains. If a user attempts to share outside of the whitelist they will get a notification saying that they are not allowed to do so.

If you have opted to warn or restrict users based on shared-to domains, you will be able to input permitted domains that you would like to whitelist in the text box at the bottom of the “Domain Restrictions” section. If you don’t do this, everyone on your team will be warned and restricted every time they attempt to share a document.

Lucidchart Key Management Service allows businesses to control their own encryption keys for an additional layer of security. Lucidchart KMS is a paid enterprise add-on feature. To learn more about this service, please see the KMS whitepaper or contact our sales team.

Customers with fewer than 200 licenses can rotate their Master Key once every week, or if there is evidence that Lucidchart’s security has been compromised. Customers with 200+ licenses can rotate their Master Key once every 24 hours, or if there is evidence that Lucidchart’s security has been compromised.