User Tools

Site Tools


LUCY MANUAL Applies to LUCY versions above 4.7


(Unfinished) Enabling single sign-on authentication (SSO) for Okta

Background Info

:!: This feature is available in Lucy 4.6 or newer version.

This article describes the basic settings for integrating Okta into Lucy. More information can be found on the Okta website at

An additional information about what SSO in Lucy is designed for can be found here.

What preparations need to be done before connecting to Okta?

  • Advanced Settings:
    • Assertion Signature: Unsigned
    • Signature Algorithm: RSA_SHA256
    • Digest Algorithm: SHA256
    • Assertion Encryption: Encrypted
    • Encryption Algorithm: AES256_CBC
    • Key Transport Algorithm: RSA_OAEP
    • Encryption Certificate: use the certificate from Lucy's Settings page > SSO Configuration > Download Certificate
  • Attribute Statements:
    • Name: FirstName Value: user.firstName
    • Name: LastName Value: user.lastName
    • Name: mail Value:
  • Group Attribute Statements:
    • Name: groups Filter: Matches regex: .*
  • Feedback page:
    • Are you a customer or partner? I'm an Okta customer adding an internal app
    • App type: This is an internal app that we have created

Once the initial configuration is finished, go to the Sign On tab and click the "View Setup Instructions" button.

Enable Single sign-on in Lucy

  • Open Lucy Admin console
  • Navigate to the SSO Configuration page (Settings > SSO Configuration)
  • Tick the option "Enable Active Directory FS"
  • Fill in "Identity Provider Endpoint" with the Identity Provider Issuer provided by Okta (e.g.<unique_id>)
  • Download X.509 Certificate file provided by Okta, copy Thumbprint data from the certificate and paste it into Identity Provider Certificate Thumbprint field
  • Save the IDP metadata provided by Okta to an XML file and upload it into Lucy's Identity Provider Server XML metadata field
  • Save the settings

Testing Authentication

  • Go to Okta Admin portal
  • Navigate to the Directory > People page
  • Add at least one person corresponding to the Administrator account in Lucy (must be the same e-mail address)
  • Assign the recently added application to the user
  • Use "Login with single sign-on" button on the Lucy's Login page to login using Okta
sso_okta.txt · Last modified: 2020/02/18 10:24 by lucy