Skip to content

Lightrun Single Sign-On (SSO)

Permissions

Only users with ROLE_MANAGER permissions can perform these actions.

Lightrun supports Single Sign-On (SSO) with SAML, enabling members of your organization to log in to Lightrun using their credentials stored in your organization’s Okta or Microsoft Entra ID (formerly known as Azure AD) Identity Providers (IdPs).

Enabling Single Sign-On (SSO) in Lightrun streamlines the login process and minimizes the administrative burden of handling numerous user accounts and passwords across various applications. SSO enhances security by consolidating access through a unified interface with a single set of credentials.

How does SSO work in Lightrun?

The authentication between Lightrun (the Service Provider) and Okta or Microsoft Entra ID (the Identity Providers) is as follows:

  1. The user browses to the Lightrun Management Portal URL.
  2. Lightrun transmits a token that includes specific user information, such as their email address, to Okta or Microsoft Entra ID, the IdPs, as part of a request to authenticate the user.
  3. The IdP parses the SAML request and authenticates the user.
  4. The IdP then generates a SAML response, which it sends back to Lightrun.
  5. Lightrun, in turn, parses the SAML response, extracting the details to establish the user’s access appropriately.

Lightrun SSO supported deployments

Lightrun supports the following SSO deployment types:

  • SSO using Okta: This option is solely for authentication purposes. It allows users within the organization to securely access Lightrun using a single set of credentials.
  • SSO with SCIM Provisioning: This option allows administrators to efficiently manage users from within Okta or Microsoft Entra ID, eliminating the need to handle user management in both locations simultaneously.
  • SSO with SAML JIT Provisioning: This option allows administrators to efficiently manage users from within Microsoft Entra ID, eliminating the need to handle user management in both locations simultaneously.

Get Started with SSO

To start working with SSO in Lightrun, choose the following SSO type that best meets your needs:

To learn how users can log in to Lightrun, see:

Last update: November 19, 2024