LUSID supports Single Sign-on (SSO) from any SAML 2.0-compatible identity provider.
This means that:
- Users can authenticate to LUSID without specifying new credentials.
- You retain control over authentication standards (MFA, password policies, and so on).
- Users can be managed in existing systems rather than created anew in LUSID.
- Existing groups can be automatically assigned to roles in LUSID to grant permissions.
To do this:
- Contact Technical Support in the first instance to set up your domain for SSO and to discuss requirements and options.
- Choose either:
- Just-in-time provisioning. A LUSID user account is automatically created on sign in for the first time but note this LUSID user is not automatically deleted so you will need to delete it yourself if the person leaves your organisation.
- SCIM provisioning. LUSID user accounts are automatically created and deleted but your choice of identity providers is currently restricted to:
- Okta. See how to set this up.
- Azure Active Directory (Azure AD). For more information, follow Microsoft's instructions on setting up SSO for LUSID and then configuring user provisioning for LUSID.