Configuring Lucanet SAML Single Sign-On with Microsoft Entra ID/Azure

Getting Started

Global Functions

Administration

User Management

Managing the CFO Solution Platform

Managing Lucanet Licenses

Configuring External Authentication

Configuring Lucanet OIDC Authentication with Microsoft Entra ID/Azure

Configuring Lucanet SAML Single Sign-On with Microsoft Entra ID/Azure

Configuring Customizations

Generating and Downloading SEA Certificates

Exchange Rate Management

Extended Planning & Analysis (xP&A)

Consolidation & Financial Planning

ESG Reporting

Disclosure Management

XBRL Tagger

Lease Accounting

Banking & Cash Management

Data Collection

Tax Compliance & Reporting

Glossary

If you use Azure/Microsoft Entra ID as your identity provider and choose the SAML method for external authentication of the Lucanet CFO Solution Platform, you must first register Lucanet as an enterprise application in the Azure Portal/Microsoft Entra ID Admin Center.

After completing the registration and configuration in Azure Portal/Microsoft Entra ID, you can copy the authentication parameters from Azure/Microsoft Entra ID and paste them into the Lucanet CFO Solution Platform to complete the configuration of external authentication.

To create an Enterprise application for Lucanet in Azure/Microsoft Entra ID:

Open the Azure Portal or the Microsoft Entra Admin Center at https://entra.microsoft.com.

Navigate to Enterprise applications. Click + New application.

The 'Enterprise applications' workspace in Microsoft Azure is displayed. — 'Enterprise applications' Workspace in Microsoft Azure

On the displayed page Browse Microsoft Entra Gallery, click Create your own application.

The button for creating your application is displayed. — 'Create your own application' button

Enter a name for the application (e.g., Lucanet CFO Platform Authentication SAML 2) and choose Integrate any other application you don't find in the gallery (Non-gallery).

The options for creating your application are displayed. — Creating your own application

Click Create.

We recommend setting Assignment required to No in the Properties to simplify the configuration and reduce administrative effort. This allows all users in your Microsoft Entra ID organization to access the application automatically, without the need to manually assign individual users or groups.

However, if your organization requires stricter access control for security or compliance reasons, you can keep the setting at Yes.

To configure user assignment:

In the created enterprise application, navigate to Manage | Properties.

Displays the 'Properties' section under 'Manage' — 'Properties' section

Set the Assignment required toggle based on your requirements:

Click Save.

Go to the newly created enterprise application and perform the following steps to configure Single Sign-On for Lucanet in Azure/Microsoft Entra ID:

Navigate to Manage | Single sign-on.

The 'Single sign-on' workspace in Azure Portal is displayed. — 'Single sign-on' workspace in Azure Portal

Select SAML as the single sign-on method.

The option to select 'SAML' as single sign-on method is displayed. — Selecting 'SAML' as the single sign-on method

The options for the Basic SAML Configuration are displayed as followed:

The Options for Basic SAML Configuration on the 'Set up Single Sign-On with SAML' page are displayed. — Options for Basic SAML Configuration on the 'Set up Single Sign-On with SAML' page

Copy the Entity ID from the External authentication workspace in the Lucanet CFO Solution Platform.

Displays the 'External authentication' workspace in Lucanet — 'External authentication' workspace in Lucanet

Copying the 'Entigy ID' from Lucanet CFO Solution Platform

In the Basic SAML Configuration area in the Azure Portal, click Add identifier under Identifier (Entity ID).

The button for adding Entity ID in the Azure Portal is displayed. — Button for adding Entity ID in the Azure Portal

Paste the Entity ID copied from Lucanet into the corresponding field.

The Entity ID was added into the corresponding field in the Azure Portal. — Entity ID added in Azure Portal

Copy the Reply URL from the External authentication workspace in the Lucanet CFO Solution Platform.

Copying the 'Reply URL' from the Lucanet CFO Solution Platform

In the Basic SAML Configuration area in the Azure Portal, click Add reply URL under Reply URL (Assertion Consumer Service URL).

The button for adding reply URL in the Azure Portal is displayed. — Button for adding reply URL in the Azure Portal

Paste the Reply URL copied from Lucanet into the corresponding field.

Displays the 'Reply URL' area in the Azure Portal. The reply URL was added in the corresponding field. — Reply URL added in the Azure Portal

Click Save.

After configuring the enterprise application and Single Sign-On in Azure/Microsoft Entra ID, you need to retrieve specific authentication parameters and add them to the Lucanet CFO Solution Platform to complete the external authentication setup.

To configure authentication parameters for the Lucanet CFO Solution Platform:

Get the App Federation Metadata Url from Azure Portal/Microsoft Entra ID:

In the Enterprise application for Lucanet, navigate to Manage | Single sign-on | Set up Single Sign-on with SAM L. In the SAML Certificates area, copy the App Federation Metadata Url.

The 'SAML Certificates' area in the Azure Portal is displayed. The value of 'App Federation Metadata Url' is copied. — Copying App Federation Metadata URL

Add the App Federation Metadata Url to the Lucanet CFO Solution Platform:

In the Lucanet CFO Solution Platform, navigate to the External authentication workspace.

Paste the App Federation Metadata Url into the Metadata document URL field.

Displays the 'Metadata document URL' field in Lucanet — 'Metadata document URL' field in Lucanet

Get the Attribute value from Azure Portal/Entra ID Admin Center:

In the Enterprise application for Lucanet, navigate to Manage | Single sign-on | Set up Single Sign-on with SAML.

In the Attributes & Claims area, click Edit. The Attributes & Claims page will be displayed as follows, for example:

The 'Attributes & Claims' page in the Azure Portal is displayed. The row with the 'user.mail' value is selected. — 'Attributes & Claims' page in the Azure Portal

In the Additional claims area, click the row with the value user.mail. The Manage claim page will be displayed as follows, for example:

The 'Manage claim' page with the claim 'Name' and the 'Namespace' is displayed. — 'Manage claim' page with the claim 'Name' and the 'Namespace'

Copy the Namespace field value and the Name field value. Combine them to create the Attribute value using the following structure:

Namespace/Name

Example in the screenshot above:

Namespace

: http://schemas.xmlsoap.org/ws/2005/05/identity/claims

Name

: emailaddress

Attribute

: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

Add the Attribute value to the Lucanet CFO Solution Platform:

In the Lucanet CFO Solution Platform, navigate to the External authentication workspace.

Paste the Attribute value into the Attribute field.

Displays the 'Attribute' field in Lucanet — 'Attribute' field in Lucanet

Attention: The e-mail address of a user on the Lucanet CFO Solution Platform must be identical to the e-mail address in Azure/MS Entra ID. The upper and lower case of e-mail addresses must match exactly.

You can find additional information on how to use the parameters when configuring the external authentication for the Lucanet CFO Solution Platform with the SAML method in the section Configuring SAML in Configuring External Authentication.