We apologize for the last-minute notice. Lucid will be rotating our SAML signing certificate before it expires, on Sunday, February 23, 2025 at:
U.S.: 1:00 p.m. MT
EMEA: 8:00 p.m. GMT
APAC: 7:00 a.m. AEDT
If SAML was set up between Lucid and your IdP (Okta, Microsoft Azure/Entra ID, etc.) before September 1, 2021, you may need to update the certificate if you require it for sign-in. If your account is affected and this is not resolved, some of your users may encounter issues logging into Lucid directly from https://lucid.app when the certificate expires.
You are likely impacted if ALL of the below are true:
- You set up SAML before September 1, 2021
- You are NOT utilizing Lucid’s official Okta or Microsoft Entra ID SAML app
- You configured SAML differently from Lucid’s SAML overview article
- You configured your identity provider to require SAML request signature validation
- You have not updated the request signing certificate since September 1, 2021
If all of the above are true (additional verification help and screenshots below), you will need to update the certificate – directions are provided in the “How to replace your certificate” section below.
If you think you may be impacted, we recommend that you check in your IdP whether you currently have a certificate enabled and require it for sign-in. Example instructions for where to find this, depending on your IdP, are in the “Verify if your account is impacted and the certificate needs to be updated” section below.
How to replace your certificate
These steps require account admin or account admin access in Lucid. If you don’t have one of these admin roles in Lucid, please forward this to your IT team or create a ticket in your internal system immediately.
- Log into Lucid.
- Select Admin from the More menu in the bottom-left of the homepage.
- Select App Integration from the left-hand menu.
- Click on the SAML tile.
- Scroll down and click Download metadata.
- Log into your IdP.
- Navigate to the Lucid app in your IdP.
- Upload the file you downloaded from Lucid into your IdP (if you are using Microsoft Entra ID or Okta, example screenshots of where this may reside are provided below).
Verify if your account is impacted and the certificate needs to be updated
Note: In order to follow these instructions, you will need admin permissions in your IdP. If you do not manage your IdP, please forward this to your IT team or create a ticket in your internal system immediately.
Microsoft Azure and Entra ID

To verify if your Microsoft Entra ID account is impacted, log in and navigate to the Lucid app. Then look for the “Verification certificates (optional)” section. If it says “no”, there is no need to proceed.
If it says “yes”, click Edit on the right-hand side of the section.

If the box next to “Require verification certificates” is checked, you need to follow the steps at the top of the article under How to replace your certificate.
Okta
If you used the Lucid-provided app from the Okta Marketplace, it is very unlikely that you are impacted. In the versions of the official Okta apps we’ve tested, we could not upload Lucid’s signing certificate. Since setup may vary across versions, you may still want to check.
If you created a custom app in Okta, it is possible that you are impacted. You will need to follow these steps to confirm:

To verify if your Okta account is impacted, log in and navigate to the Lucid app. Then under the Edit SAML integration options, navigate to the “Configure SAML” page. From here, scroll down and look for the “Signature Certificate” section. If there is no file uploaded here or you don’t see the option to upload a certificate, there is no need to proceed.
If there is a file uploaded and the box is checked under “Signed requests” to validate SAML requests with signature certificates, you will need to follow the steps at the top of the article under How to replace your certificate.
Other IdPs
If you use an IdP other than Microsoft Entra ID or Okta, such as JumpCloud or Ping Identity, our recommendation is that you navigate to the Lucid app in your IdP using an admin account. From there, look for the spot where you might have uploaded a signing certificate and search your IdP’s help center or community for resources. Many IdPs don’t require, and may not offer, the ability to upload signing certificates, in which case you wouldn’t be impacted.