Integrate your Lucid Enterprise account with Ping Identity to enable your users to authenticate using SAML single sign-on (SSO) through your identity provider (IDP). These setup instructions are applicable to the Ping Identity products: PingID, PingOne, and PingFederate, but for the sake of this article, we'll refer to it simply as Ping.

The purpose of this post is to provide instructions on how to configure Ping SAML to work with Lucid. This is not an officially supported IdP, so you may notice that the instructions or screenshots in Ping may become outdated over time.

Before proceeding with the steps in this guide, please refer to the Lucid SAML authentication instructions provided in the Configuring SAML with unofficially Supported IdPs post.

To configure Ping to work with Lucid, follow these steps:

1. Log into your Ping Identity account.
2. Navigate to your Ping Identity Admin console.
3. Select Your Environment.
4. Click Connections.
5. Click on the Applications drop-down menu
6. Select Applications
7. Click the + icon.
8. Enter a name for your application. This can be something similar to “Luicd SSO for Ping”.

   

    

9. Select Manually Enter.
10. Click Configure.
11. Click the +Add to create a second ACS URLs field.
12. Using the value you added to the domain field in Lucid from step #5 of the Configuring SAML authentication post, add it to the end of the following two URLs
    • https://lucid.app/saml/sso/YOURDOMAIN
    • https://www.lucidchart.com/saml/sso/YOURDOMAIN
13. Enter these URLs into the ACS fields in Ping.
14. Add the default value of lucidchart.com in the Entity ID field. 
15. Click Save.

    

     

16. Click on the Configuration Tab.
17. Click Download Metadata. This will download an XML file to your computer to be uploaded in Lucid.

Return to Lucid:

1. Navigate to the Admin Panel.
2. Click App integration.
3. Select SAML.
4. Click Settings 
5. Click + Add identity provider
6. Upload the downloaded XML metadata file from step #17 of the section above.

If you would like to see more detailed instructions, reference step #7 of Configuring SAML with unofficially Supported IdPs.

Return to the Ping:

1. Click Access.

2. Click the pencil icon.
3. Search for the group you want to add that will use this SSO application to sign into Lucid. 
4. Once you find the group, select the check box next to it.
5. Click Save.
6. Enable the application by toggling the switch at the top of the page.
7. Select the Access tab.
8. Ensure that either the admin or a group you belong to has been assigned to this application within PingIdentity.

Testing your SAML Connection

After you have completed the configuration steps in Lucid and in your IdP, in Lucid click on Test SAML Connection to ensure the configuration is correct. If the test says OK, then SAML has been configured correctly.

If you would like to see more detailed instructions on how to test your SAML connection, reference the Configuring SAML with unofficially Supported IdPs post.