Lucid offers user provisioning/de-provisioning and group management of users and groups on an enterprise account via our SCIM REST API.

The purpose of this post is to provide instructions on how to configure Sailpoint SCIM to work with Lucid. This is not an officially supported IdP, so you may notice that the instructions may become outdated over time.

Before proceeding with the steps in this guide, please refer to the Lucid SCIM API instructions to enable SCIM for your account.

Enable SCIM in the Lucid:

1. Navigate to the Admin Panel.
2. Click App Integration > SCIM > Settings.
3. Generate a bearer token. You will come back and copy this token later.
   1. If you are unable to generate a bearer token, please see the instructions on your screen for details.

Create organizational groups in the Lucid:

1. Navigate to the Admin Panel.
2. Navigate to Groups > Organizational Groups.
3. Click + New organizational group and create the following groups:
   1. Lucid Licensed Users
   2. Lucid Delicensed Users
4. Navigate to License Settings.
5. Set the following settings to each respective organizational group:
   1. Your default organizational group (this will have the name shown in the top left of your Admin Panel):
      1. Access eligibility: “Eligible for full-access”
      2. Customized eligibility criteria: “Admin-controlled access”
   2. Lucid Licensed Users group
      1. Access eligibility: “Eligible for full-access”
      2. Customized eligibility criteria: “Instant access”
   3. Lucid Delicensed Users group
      1. Access eligibility: “Only eligible for limited access”
6. Click Save for each of these setting changes.
7. Navigate to App Integration > SCIM > Settings.
8. Find the setting to “Exclude a group from your identity provider” and click Edit.
9. Type the name of your default organizational group. This can be found in the top left corner of the Admin Panel. Click Save.
10. Navigate to Groups > Organizational Groups.
11. Select the Lucid Licensed Users group.
12. Click Manage next to Members.
13. Assign all users that need a Lucid Suite license to the Lucid Licensed Users group.

Create Connection in Sailpoint:

1. Navigate to the admin console.
2. Click Connections > Sources.
3. Select Create New.
4. Search for and select the SCIM 2.0 SaaS source type and then select Configure.
5. Enter the following information:
   1. Source Name – Enter a name for the new source. We recommend including Lucid somewhere in the name.
   2. Description – Enter a description for the new source to help distinguish it from similar sources.
   3. Source Owner – Begin typing the name of an owner. Matches appear after you type two or more letters.
   4. Governance Group (Optional) – Select an optional governance group from the dropdown list.
6. Select Continue.
7. Within the Connection, navigate to Connection Settings.
8. In the Base URL field, enter the Lucid Base URL: https://users.lucid.app/scim/v2
   1. If you are on the Lucid Gov server, your base URL will be https://users.lucidgov.app/scim/v2
9. Under Authentication Type, select “API Token”.
10. Enter the Bearer Token generated in Lucid under Admin > App Integration > SCIM Settings.
11. Select Save.
12. Select Test Connection.
13. If your test was successful, begin Account or Entitlement Aggregation.