
Hey Lucid Community!

Are you looking to streamline user onboarding and ensure your team members gain access to Lucidchart and Lucidspark seamlessly? Look no further than Just-In-Time (JIT) Provisioning!

JIT provisioning automatically creates user accounts in Lucid the first time a user attempts to log in via your configured Single Sign-On (SSO) provider. This eliminates the need for manual account creation and keeps your user management efficient.

However, to truly leverage the power of JIT, it's crucial to ensure that users are created with the correct information right from the start – specifically their first name, last name, and email. Incorrect or missing data can lead to confusion, collaboration issues, and administrative overhead.

Here are some general guidelines and best practices to ensure your JIT provisioning creates users with the proper values:

1. Leverage SAML Attributes:

  • The Key to Accuracy: The most reliable way to pass user information to Lucid during JIT provisioning is through SAML (Security Assertion Markup Language) attributes configured within your Identity Provider (IdP).
  • Map Correctly: Ensure that the attributes in your IdP that hold the user's first name, last name, and email address are correctly mapped to the corresponding fields in your Lucid account's SSO configuration.
  • Common Attribute Names: While attribute names can vary depending on your IdP, you will want the attributes to be as follows:
    • First Name: User.FirstName
    • Last Name: User.LastName
    • Email: User.Email
  • Consult Your IdP Documentation: Each IdP (e.g., Okta, Azure AD, Google Workspace) has its own specific way of configuring SAML attributes. Refer to your IdP's documentation for detailed instructions on how to define and map these attributes.

2. Configure Lucid SSO Settings:

  • Attribute Mapping in Lucid: Within your Lucid admin panel, when configuring SSO, you'll have the opportunity to map the SAML attributes received from your IdP to the corresponding Lucid user fields.
  • Verify Mappings: Double-check that the attribute names you configured in your IdP exactly match the attribute names you've entered in Lucid's SSO settings. Even a small typo can prevent the information from being passed correctly.
  • Username Considerations: Pay close attention to the username mapping. Lucid might have specific requirements for usernames (e.g., uniqueness, format). Consider whether you need to transform the username attribute from your IdP to meet these requirements. Some IdPs allow for attribute transformations; otherwise, you might need a clear policy for handling potential username collisions.

3. Test Thoroughly:

  • Pilot Users: Before rolling out JIT provisioning to your entire organization, test with a small group of pilot users.
  • Verify User Creation: After a pilot user logs in for the first time, verify that their Lucid account has been created with the correct name, email, and username.
  • Troubleshooting: If the information isn't being passed correctly, review your IdP's SAML assertion and your Lucid SSO configuration to identify any discrepancies in attribute mapping.

4. Communicate with Your Team:

  • Set Expectations: Inform your users about the new onboarding process and the importance of having their information accurate in your organization's directory service (which feeds your IdP).

By following these guidelines, you can ensure that your Just-In-Time provisioning process in Lucid creates users seamlessly with the accurate information they need to hit the ground running and collaborate effectively.

Have you successfully implemented JIT provisioning in Lucid? Share your tips and experiences in the comments below!

#Lucidchart #Lucidspark #JITProvisioning #SSO #UserManagement #Productivity #Collaboration #TipsAndTricks
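
For the troubleshooting step in section 3, one way to review a captured SAML assertion against the three attribute names listed in section 1. This is an added example, not Lucid's own tooling; it assumes the assertion is already base64-decoded and unencrypted, and the sample XML is constructed. It inspects attribute names and values only and does not validate the signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names the post says Lucid expects (matching is case-sensitive).
EXPECTED = ("User.FirstName", "User.LastName", "User.Email")

# Constructed sample fragment (not from a real IdP): note the lower-case "n"
# in User.Lastname and the blank User.Email value.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="User.FirstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="User.Lastname"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="User.Email"><saml:AttributeValue> </saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_jit_attributes(xml_text):
    """Return {expected_name: status} for a decoded SAML assertion or response."""
    # A SAML message has no reason to carry a DTD; refuse rather than parse it.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in an assertion")
    root = ET.fromstring(xml_text)

    found = {}  # attribute name as sent by the IdP -> list of non-empty values
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        found[attr.get("Name", "")] = [v for v in values if v]

    report = {}
    for name in EXPECTED:
        if name in found:
            report[name] = "ok" if found[name] else "present but empty"
            continue
        # Surface typos that differ only by case or stray whitespace.
        near = [n for n in found if n.strip().lower() == name.lower()]
        report[name] = f"missing (near match: {near[0]!r})" if near else "missing"
    return report


if __name__ == "__main__":
    for name, status in check_jit_attributes(SAMPLE).items():
        print(f"{name}: {status}")
```
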
