Setting up SSO for your team
Single sign-on (SSO) integration is available for Enterprise teams. Contact your account manager for more information.
Setting up SSO
Go to your account settings and scroll down to click the Configure SSO button.
The setup modal will open for you to enter your SSO information. At the top is a link to Lumen5's SSO metadata. To complete this step, you'll need to enter your:
- Entity ID
- Identity provider sign-on URL
- Public certificate
- URLs for the attribute names obtained through your identity provider
After you add the configuration, your SSO will be in a pending state! While SSO is pending, users can log in using either SSO or their email and password.
Once the configuration has been added, log out and log back in from this link, using your SSO credentials: https://lumen5.com/auth/sso-verification. You're all set!
SSO Settings
Once SSO is configured, you can decide whether using it is mandatory for your team. Once you configure SSO and log in to your account using SSO for the first time, we'll turn this toggle on by default. You can turn it off anytime from your account settings, which will mean that users on your team can log in using SSO or their Lumen5 email and password.
We only support service provider initiated login, which means users will have to log in from this link: https://lumen5.com/auth/sso-verification. If your team has any links to Lumen5 in your internal portal, please be sure they point to that URL to ensure that your team can log in using their SSO credentials.
FAQ:
What is the entity ID of your SP (Service Provider), the base URL, or the default Assertion Consumer Service (ACS) URL?
All of this information can be found in the Lumen5 metadata available in your account settings during SSO setup. You can also access that metadata here.
Which attributes are required in the SAML assertion (field names can be customized if required)?
- We need the first name, last name and email.
Do you require signed assertions/responses?
- Yes
Do you require the public key in SAML response?
- Yes
Do users get auto-provisioned when SSO is configured?
- When a user accepts an invite sent by a team with SSO enabled, we authenticate their identity with their identity provider, a SAML response is sent to us, and we create a new user account on Lumen5.
Do you support role provisioning through SAML attributes or support SCIM?
- No
What roles are available?
- Admin and editor
Once SSO is enabled, can user accounts be set up to bypass SSO?
- SSO settings apply to the whole team. If you make SSO optional, users can log in with email or SSO.
Is there support for log forwarding to a SIEM, or for audit events such as admin and user activities?
- No
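The FAQ requirements on the SAML response (a signature, the public certificate included, and first name, last name and email attributes) can be checked against a response captured from your own IdP before you make SSO mandatory. This is an added example, not Lumen5 code, and it checks structure only; it does not verify the signature cryptographically. The `preflight` helper, the claim-URI attribute names and the sample response are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Assumed attribute names (common claim URIs); use the names entered in the SSO form.
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = {"first name": CLAIMS + "givenname", "last name": CLAIMS + "surname",
            "email": CLAIMS + "emailaddress"}

def preflight(response_xml, required=REQUIRED):
    """Return a list of problems; an empty list means the structure looks right."""
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element in the response"]
    problems = []
    # Only a Signature that is a direct child of the Response or Assertion counts.
    sigs = [s for s in (root.find("ds:Signature", NS),
                        assertion.find("ds:Signature", NS)) if s is not None]
    certs = [c for s in sigs for c in s.findall(".//ds:X509Certificate", NS)]
    if not sigs:
        problems.append("neither the response nor the assertion is signed")
    elif not any((c.text or "").strip() for c in certs):
        problems.append("signature carries no X509Certificate")
    values = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        values[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    for label, name in required.items():
        if not values.get(name):
            problems.append(f"missing or empty {label} attribute: {name}")
    return problems

# Constructed, reduced sample (placeholder signature and certificate, no surname).
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}">
 <saml:Assertion>
  <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
  <saml:AttributeStatement>
   <saml:Attribute Name="{CLAIMS}givenname"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="{CLAIMS}emailaddress"><saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""
if __name__ == "__main__":
    for problem in preflight(SAMPLE):
        print(problem)
```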
Updated on: 07/05/2024