Lucidchart

Before You Begin

Introduction

This document describes how to configure Oracle Identity Cloud Service to provide single sign-on (SSO) and user provisioning for Lucidchart.

About Lucidchart

Lucidchart is a web-based commercial service that allows users to collaborate and work together in real time to create flowcharts, organizational charts, website wireframes, Unified Modeling Language (UML) designs, mind maps, software prototypes, and other diagram types.

After integrating Lucidchart with Oracle Identity Cloud Service:

  • Users can use their Oracle Identity Cloud Service login credentials to access Lucidchart.
  • Users can use the Oracle Identity Cloud Service My Apps console to launch Lucidchart.
  • Administrators can use the Identity Cloud Service console to assign and revoke user access to the Lucidchart app.

What Do You Need?

  • An Oracle Identity Cloud Service account with authorization rights to manage apps and users (by being assigned to the identity domain administrator or application administrator role).
  • A Lucidchart account with authorization rights to configure federated authentication and user provisioning.
  • Identity provider metadata. Use the https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/metadata URL to access the metadata and save it as an .xml file. Use this file later during the Lucidchart configuration in the "Configuring SSO and Obtaining a Bearer Token from Lucidchart" section.

Configuring SSO and Obtaining a Bearer Token from Lucidchart

  1. Using the https://www.lucidchart.com/users/login URL, access Lucidchart as an administrator. The Welcome to Lucidchart window appears.

  2. Select any of the purposes listed for using Lucidchart. The Who's on your team? window appears.

    Note: The user can either choose to fill in the details or close the Who's on your team? window without providing any information. Both the Welcome to Lucidchart and Who's on your team? windows appear only when the user accesses Lucidchart for the first time.

  3. In the header menu of the My Documents page, click TEAM. The Admin page appears.

  4. In the App Integration page, click App Integration, and then click SAML. The SAML page appears.

  5. Under the Activation tab, click (Sign-in options) next to SAML authentication is not allowed. The Identity Management page appears.

  6. Under the User Sign In tab, select the Allow SAML authentication check box, and then click Save changes in the upper-right corner.

  7. To enable SSO integration, click (Configure) next to the Allow SAML authentication check box. The SAML page appears.

  8. Under the Lucidchart Sign in URL section, enter your domain name, and then click Save changes.

    Tip: Use this domain name later to register Lucidchart in the "Registering and Activating the Lucidchart App" section.

  9. Locate the Identity Providers section, click Add Identity Provider, and then upload the identity provider metadata that you obtained earlier in the "What Do You Need?" section.

  10. Under the Identity Providers section, make a note of the Sign In URL.

    Tip: Use this URL later to perform the service-provider-initiated SSO in the "Verifying the Service-Provider-Initiated SSO from Lucidchart" section. The URL ends with an <autogenerated id>, which is unique for each identity provider.

  11. Under the Download Service Provider Metadata section, click Download Metadata. The Lucidchart service provider metadata is downloaded.

    Tip: Use this metadata file later to obtain the service provider certificate in the "Obtaining the Service Provider Signing Certificate in .pem Format" section.

  12. In the header menu, click TEAM. The Admin page appears.

  13. Click App Integration, and then click SCIM. The SCIM page appears.

  14. Make a note of the Bearer Token value.

    Tip: Use this Bearer Token value to enable user provisioning for the Lucidchart app in Oracle Identity Cloud Service. See the "Enabling Provisioning" section.

Obtaining the Service Provider Signing Certificate in .pem Format

Use this section to obtain the service provider certificate from the Lucidchart metadata.

  1. Use the service provider metadata that you obtained while performing the steps in the "Configuring SSO and Obtaining a Bearer Token from Lucidchart" section.

  2. In the metadata file, locate the ds:X509Certificate tags.

  3. Copy the content between the ds:X509Certificate tags into a text file.

    Figure (img1.png): The metadata content with the opening and closing ds:X509Certificate tags highlighted.

  4. At the beginning of the content, add -----BEGIN CERTIFICATE-----.

  5. At the end of the content, add -----END CERTIFICATE-----.

  6. Save the text file in a .pem format. This is the service provider signing certificate.

    Tip: Use this service provider certificate later while registering and activating the Lucidchart app in Oracle Identity Cloud Service. See the "Registering and Activating the Lucidchart App" section.
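The manual steps above can be scripted. This is an added example, not Oracle or Lucidchart tooling: it picks the signing KeyDescriptor (metadata may also carry an encryption certificate), strips whitespace, validates the base64, and writes 64-character PEM lines. The function name signing_cert_pem and the sample metadata (placeholder bytes, not a real certificate) are assumptions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def signing_cert_pem(metadata_xml):
    """Return (pem_text, sha256_hex) for the SP signing certificate."""
    root = ET.fromstring(metadata_xml)  # metadata downloaded from your own SP account
    for kd in root.iterfind(".//md:SPSSODescriptor/md:KeyDescriptor", NS):
        # Skip encryption-only keys; a KeyDescriptor without "use" covers signing too.
        if kd.get("use", "signing") != "signing":
            continue
        node = kd.find(".//ds:X509Certificate", NS)
        if node is None or not node.text:
            continue
        b64 = "".join(node.text.split())            # drop newlines and indentation
        der = base64.b64decode(b64, validate=True)  # raises on non-base64 characters
        if der[:1] != b"\x30":                      # DER certificates start with a SEQUENCE tag
            raise ValueError("X509Certificate content is not DER")
        lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]  # 64-character PEM lines
        pem = "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                         "-----END CERTIFICATE-----", ""])
        return pem, hashlib.sha256(der).hexdigest()
    raise ValueError("no signing certificate found in metadata")

# Constructed sample: placeholder bytes, not a real certificate or real Lucidchart metadata.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.invalid">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        {SAMPLE_B64[:100]}
        {SAMPLE_B64[100:]}
      </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    pem_text, fingerprint = signing_cert_pem(SAMPLE_METADATA)
    print(pem_text)
    print("SHA-256:", fingerprint)
```

For a real certificate, the returned digest should match the value printed by `openssl x509 -in <file>.pem -noout -fingerprint -sha256` once the colons are removed and case is ignored.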

Configuring Lucidchart in Oracle Identity Cloud Service

Use this section to register and activate the Lucidchart app, and to enable provisioning and synchronization for Lucidchart.

Registering and Activating the Lucidchart App

  1. Access the Identity Cloud Service console, select Applications, and then click Add.

  2. Click App Catalog.

  3. Search for Lucidchart, and then click Add.

  4. In the App Details section, enter your Lucidchart domain name value, and then click Next.

    Note: You specified this value while performing the steps in the "Configuring SSO and Obtaining a Bearer Token from Lucidchart" section.

  5. In the SSO Configuration section, upload the signing certificate of the service provider.

    Note: You obtained this certificate by performing the steps in the "Obtaining the Service Provider Signing Certificate in .pem Format" section.

  6. To enable provisioning and synchronization for Lucidchart, click Next. Oracle Identity Cloud Service displays the Provisioning page.

Enabling Provisioning and Synchronization for Lucidchart

Use this section to enable provisioning and synchronization for managing user accounts in Lucidchart through Oracle Identity Cloud Service.

Enabling Provisioning

  1. In the Provisioning page, select Enable Provisioning.

  2. Under the Configure Connectivity section, enter the Lucidchart Bearer Token value.

    Note: This is the Bearer Token value that you obtained while performing the steps in the "Configuring SSO and Obtaining a Bearer Token from Lucidchart" section.

  3. Click Test Connectivity. A success message is displayed, stating that the connection is successful.

  4. To view predefined attribute mappings between the user account fields defined in Lucidchart and the corresponding fields defined in Oracle Identity Cloud Service, click Attribute Mapping, and then click OK.

    Note: To add a new attribute for provisioning, click Add Row, specify the attributes in the User and Lucidchart Account columns, and then click OK. For example, if you want to add the External ID field, enter $(user.externalId) in the User column, and then select the corresponding field from the drop-down list in the Lucidchart Account column.

  5. Specify the provisioning operations that you want to enable for Lucidchart:

    Note: By default, the Create Account, Update Account, De-activate Account, and Delete Account check boxes are selected.

    Create Account: Automatically creates a Lucidchart account when Lucidchart access is granted to the corresponding user in Oracle Identity Cloud Service.

    Update Account: Automatically updates a Lucidchart account when the corresponding user is edited in Oracle Identity Cloud Service.

    De-activate Account: Automatically deactivates or activates a Lucidchart account when Lucidchart access is deactivated or activated for the corresponding user in Oracle Identity Cloud Service.

    Delete Account: Automatically removes an account from Lucidchart when Lucidchart access is revoked from the corresponding user in Oracle Identity Cloud Service.

Enabling Synchronization

  1. In the Provisioning page, select Enable Synchronization.

  2. From the User Identifier drop-down list, select the Oracle Identity Cloud Service user attribute that you want to match with the corresponding record fetched from Lucidchart:

    Note: By default, the User Name option is selected from the drop-down list. It's recommended to leave this default attribute for accurate synchronization of user records.

    Primary Email Address: Primary email address of the Oracle Identity Cloud Service user.

    User Name: User name of the Oracle Identity Cloud Service user.

  3. To match a Lucidchart account attribute with the existing Oracle Identity Cloud Service user, select an attribute from the Application Identifier drop-down list.

    Note: By default, the name option is selected. This option represents the username of the Lucidchart account. Don't change this default option.    

  4. From the When exact match is found drop-down list, select one of the following actions to be performed when a matching Oracle Identity Cloud Service user is found for an account:

    Link and confirm: Automatically links and confirms the matched account to the corresponding Oracle Identity Cloud Service user based on the defined User Identifier and Application Identifier fields. 

    Link but do not confirm: Automatically links all matched accounts to the corresponding Oracle Identity Cloud Service users based on the defined User Identifier and Application Identifier fields. You need to confirm the linked accounts manually. 

  5. In the Max. number of creates field, enter a number that's greater than or equal to 10. This value limits the number of accounts to be created during the synchronization run.

  6. In the Max. number of deletes field, enter a number that's greater than or equal to 10. This value limits the number of accounts to be deleted during the synchronization run.

    After enabling provisioning and synchronization for Lucidchart, you can synchronize the existing account details from Lucidchart and link them to the corresponding Oracle Identity Cloud Service users. For more information on performing synchronization tasks, see the Importing User Accounts from a Software as a Service Application section in Administering Oracle Identity Cloud Service.

    You can also manage Lucidchart accounts through Oracle Identity Cloud Service. For more information on performing provisioning tasks, see the Managing Oracle Identity Cloud Service Users and Managing Oracle Identity Cloud Service Groups chapters in Administering Oracle Identity Cloud Service.

  7. Click Finish, Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Verifying the Integration

Use this section to verify that SSO works when initiated from Oracle Identity Cloud Service (an identity-provider-initiated SSO) and Lucidchart (a service-provider-initiated SSO).

Verifying the Identity-Provider-Initiated SSO from Oracle Identity Cloud Service

  1. Using the https://<IDCS-Service-Instance>.identity.oraclecloud.com/ui/v1/myconsole URL, access the Oracle Identity Cloud Service My Profile console.

  2. Log in using credentials for a user that's assigned to the Lucidchart app. Under My Apps, Oracle Identity Cloud Service displays a shortcut to Lucidchart.

  3. Click Lucidchart. The My Documents page appears.

    Note: When the user initiates SSO for the first time, the Welcome to Lucidchart window appears. Select any of the purposes listed for using Lucidchart. The Who's on your team? window appears. The user can either choose to fill in the details or close the Who's on your team? window without providing any information. The My Documents page appears.

  4. In the upper-right corner of the header menu, confirm that the user that's logged in is the same for both Lucidchart and Oracle Identity Cloud Service.

    This confirms that SSO that's initiated from Oracle Identity Cloud Service works.

Verifying the Service-Provider-Initiated SSO from Lucidchart

  1. Using the https://www.lucidchart.com/saml/sso/<Domain_Name> URL, access Lucidchart. You're redirected to the Oracle Identity Cloud Service Sign In page.

    Note: You obtained this URL while performing the steps in the "Configuring SSO and Obtaining a Bearer Token from Lucidchart" section.

  2. Log in using credentials for a user that's assigned to the Lucidchart app. The My Documents page appears.

    Note: When the user initiates SSO for the first time, the Welcome to Lucidchart window appears. Select any of the purposes listed for using Lucidchart. The Who's on your team? window appears. The user can either choose to fill in the details or close the Who's on your team? window without providing any information. The My Documents page appears.

  3. In the upper-right corner of the header, confirm that the user that's logged in is the same for both Lucidchart and Oracle Identity Cloud Service.

    This confirms that SSO that's initiated from Lucidchart works.

Troubleshooting

Use this section to locate solutions to common integration issues.

Known Issues

Lucidchart displays the message, "Your account has been disabled by your team admin or via a SCIM provider."

Cause 1: The user account assigned to Lucidchart is deactivated under the Users page in Lucidchart, and the user attempts to initiate SSO either from Oracle Identity Cloud Service or Lucidchart.

Solution 1: Ensure that the user account is activated under the Users page in Lucidchart.

Oracle Identity Cloud Service displays the message, "You are not authorized to access the app. Contact your system administrator."

Cause 1: The SAML 2.0 integration between the Oracle Identity Cloud Service Lucidchart app and Lucidchart is deactivated.

Solution 1:

  • Access the Identity Cloud Service console, select Applications, and then select Lucidchart.
  • In the App Details section, click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Cause 2: The administrator revokes access for the user at the same time that the user tries to access the Lucidchart app using Oracle Identity Cloud Service.

Solution 2:

  • Access the Identity Cloud Service console, select Applications, and then select Lucidchart.
  • In the App Details section, select Users, and then click Assign to reassign the user.

Unknown Issues

For unknown issues, contact Oracle Support:

  1. Go to https://support.oracle.com.

  2. Select Cloud Support, and then sign in with your support credentials.

  3. In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.

  4. Select Oracle Identity Cloud Service as the service type.

  5. Complete your service request.