Lightrun Single Sign-On (SSO)🔗
Required Roles
| Up to version 1.69 inclusive | From version 1.70.4 and higher |
|---|---|
ROLE_MANAGER | Company Admin |
Lightrun supports Single Sign-On (SSO) with SAML and OIDC, enabling members of your organization to log in to Lightrun using their credentials stored in your organization’s Identity Providers (IdPs).
Enabling Single Sign-On (SSO) in Lightrun streamlines the login process and minimizes the administrative burden of handling numerous user accounts and passwords across various applications. SSO enhances security by consolidating access through a unified interface with a single set of credentials.
How does SSO work in Lightrun?🔗
The authentication between Lightrun (the Service Provider) and Okta or Microsoft Entra ID (the Identity Providers) is as follows:
- The user browses to the Lightrun Management Portal URL.
- Lightrun transmits a token that includes specific user information, such as their email address, to Okta or Microsoft Entra ID, the IdPs, as part of a request to authenticate the user.
- The IdP parses the SAML or OIDC request and authenticates the user.
- The IdP then generates a SAML response, which it sends back to Lightrun.
- Lightrun, in turn, parses the SAML or OIDC response, extracting the details to establish the user’s access appropriately.
Lightrun SSO supported deployments🔗
Lightrun supports the following SSO deployment types:
- SSO using SAML or OIDC: This option is solely for authentication purposes. It allows users within the organization to securely access Lightrun using a single set of credentials.
- SSO with SCIM Provisioning: This option allows administrators to efficiently manage users from within Okta or Microsoft Entra ID, eliminating the need to handle user management in both locations simultaneously.
- SSO with JIT Provisioning: This option allows administrators to efficiently manage users from within Microsoft Entra ID, eliminating the need to handle user management in both locations simultaneously.
Get Started with SSO🔗
To start working with SSO in Lightrun, choose the following SSO type that best meets your needs:
- Set up SSO SAML with Okta
- Set up SSO SAML with Google
- Set up SSO SAML with Microsoft Entra ID
- Set up SSO SAML with Ping
- Set up SSO OIDC with Okta
- Set up SSO OIDC with Ping Identity
- Set up SSO OIDC with Microsoft Entra ID
To learn how users can log in to Lightrun, see: