SSO Using SAML


Set up SAML in Okta

Create the application in Okta

1

Luciq: Open SAML settings

Sign up in Luciq using the same email address as Okta.

In Luciq, go to Account Management → Identity access management.

Click Configure next to SAML.

2

Okta: Create an app integration

In Okta, go to Applications.

Click Create App Integration.

3

Okta: Choose SAML 2.0

In Okta, in Applications, select SAML 2.0.

Click Next.

4

Okta: Set the app name

In Okta, in General Settings, enter the app name.

Click Next.

5

Okta: Map the SAML fields

In Okta, in Configure SAML, map these values:

  1. Copy Service Provider SSO Callback URL from Luciq to Single sign-on URL in Okta.

  2. Copy Service Provider Entity ID from Luciq to Audience URI (SP Entity ID) in Okta.

  3. Leave Default RelayState empty.

  4. Set Name ID format to EmailAddress.

  5. Set Application username to email.

  6. Click Next.

Assign users to the app

1

Okta: Assign users to the app

In Okta, in Applications, click Assign Users to App.

Select the app you created.

Then select the users to assign.


Set up sign-on

1

Okta: Open the Sign On tab

In Okta, go to Applications.

Open the app you created.

Select the Sign On tab.

2

Okta: Open setup instructions

In Okta, in the Sign On tab, open View Setup Instructions.

3

Okta and Luciq: Choose a certificate or fingerprint

Set up either a certificate or a fingerprint.

Using certificate
  1. Download the Okta certificate from View Setup Instructions.

  2. In Luciq, in Account Management → Identity access management, open Configure SAML SSO.

  3. Select Certificate, then upload the certificate.

  4. Copy Identity Provider Single Sign-On URL from View Setup Instructions to SAML/idP metadata URL in Luciq.

Using fingerprint
  1. Change directory to where you downloaded the certificate.

  2. Run the following command:

       openssl x509 -noout -fingerprint -sha1 -inform pem -in okta.cert

  3. Copy the fingerprint value. It should look similar to F4:95:55:6E:97:D7:B6:26:56:3C:D0:4D:A0:D3:E4:05:B3:11:FF:B7.

  4. In Luciq, in Account Management → Identity access management, open Configure SAML SSO.

  5. Select Fingerprint, then enter:

    1. Identity Provider Certificate Fingerprint = fingerprint from the terminal.

    2. Identity Provider Certificate Fingerprint Algorithm = SHA1.

    3. SAML/idP metadata URL = Identity Provider Single Sign-On URL from View Setup Instructions.
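To confirm that the fingerprint pasted into Luciq belongs to the certificate you downloaded, the following added example (not part of Luciq's or Okta's own material) recomputes the digest from the PEM file and compares it, ignoring colons, case and the openssl prefix. The function names, the script name check_fp.py and the sample PEM body are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re
import sys

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed sample: placeholder body (the bytes b"abc"), not a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nYW\nJj\n-----END CERTIFICATE-----\n"

def pem_to_der(pem_text):
    """Return the DER bytes wrapped by the first PEM certificate block."""
    match = PEM_RE.search(pem_text)
    if not match:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)

def fingerprint(pem_text, algorithm="sha1"):
    """Digest of the DER bytes as colon-separated uppercase hex, the form
    `openssl x509 -noout -fingerprint` prints after the '='."""
    digest = hashlib.new(algorithm, pem_to_der(pem_text)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(value):
    """Drop an openssl 'SHA1 Fingerprint=' prefix, colons, spaces and case."""
    hex_only = re.sub(r"[\s:]", "", value.split("=", 1)[-1]).lower()
    if not re.fullmatch(r"[0-9a-f]+", hex_only):
        raise ValueError("fingerprint is not hexadecimal")
    return hex_only

def matches(pem_text, pasted, algorithm="sha1"):
    """True if the pasted fingerprint belongs to the certificate in pem_text."""
    return hmac.compare_digest(normalize(fingerprint(pem_text, algorithm)), normalize(pasted))

if __name__ == "__main__":
    # Usage: python check_fp.py okta.cert "F4:95:..."  (falls back to the sample)
    pem = open(sys.argv[1]).read() if len(sys.argv) > 2 else SAMPLE_PEM
    pasted = sys.argv[2] if len(sys.argv) > 2 else fingerprint(SAMPLE_PEM)
    print(fingerprint(pem), "MATCH" if matches(pem, pasted) else "MISMATCH")
```

Because the digest is taken over the decoded DER bytes, differences in PEM line wrapping or trailing whitespace do not change the result.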

Log in


Before logging in with SSO, make sure the email is already invited to the company. If you want Okta to create accounts automatically, see SCIM Provisioning.

1

Luciq: Log out

In Luciq, log out of your current session.

2

Luciq: Start SSO login

In Luciq, select Log in with SSO.

3

Luciq: Sign in with the assigned account

In Luciq, enter the Okta email you assigned to the app.



To enable SAML or OAuth for the whole company, log in with SSO at least once after setup.

After that, members can no longer log in with email and password.
