Single Sign-On (SSO)
Available on request
SSO is not self-serve. To enable it for your organisation, contact [email protected].
Single Sign-On (SSO) lets your team log in to Lumicast using your company's existing identity provider (IdP) — such as Okta, Microsoft Azure AD, or any SAML 2.0-compatible provider. No separate Lumicast password needed.
How it works
Lumicast uses SAML 2.0 for SSO. Once configured for your organisation:
- A team member goes to app.lumicast.com/login/sso and enters their work email address
- Lumicast detects the domain (e.g. example.com) and redirects to your identity provider
- The user authenticates with your IdP (password, MFA, etc. — whatever your IdP requires)
- Your IdP sends a SAML assertion back to Lumicast
- Lumicast logs the user in or creates their account automatically
Existing Lumicast accounts are matched by email address on first SSO login and linked automatically.
What Lumicast needs from you
To set up SSO, provide the following to [email protected]:
| Field | Description |
|---|---|
| Domain | The email domain that should trigger SSO (e.g. example.com) |
| Metadata URL | The URL to your IdP's SAML metadata XML (or the XML itself) |
| Issuer | Optional — your IdP's entity ID if it differs from the metadata |
What your IdP needs from Lumicast
When configuring the SAML app on your identity provider's side, use:
- ACS URL (Assertion Consumer Service): https://api.lumicast.com/auth/saml/callback
- Entity ID / Audience: lumicast
Your IdP should send the user's email address in the SAML NameID field. First name and last name attributes are used if provided.
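Before handing the configuration over, you can check that a test assertion from your IdP carries the values listed above. The following is an added example, not Lumicast's own code: the function name `check_assertion` and the sample assertion are constructed for illustration, and it assumes you have a decoded test assertion from your own IdP.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_URL = "https://api.lumicast.com/auth/saml/callback"  # ACS URL from this page
AUDIENCE = "lumicast"                                     # Entity ID / Audience from this page

# Constructed sample assertion (unsigned, illustrative values only).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://api.lumicast.com/auth/saml/callback"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction><saml:Audience>lumicast</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def check_assertion(xml_text, sso_domain):
    """Return a list of configuration problems; an empty list means the fields line up."""
    # Configuration pre-flight only: no signature check, so use it on your own test output.
    root = ET.fromstring(xml_text)
    problems = []

    name_id = root.findtext(".//saml:NameID", default="", namespaces=NS).strip()
    local, _, domain = name_id.rpartition("@")
    if not local or domain.lower() != sso_domain.lower():
        problems.append(f"NameID {name_id!r} is not an email address in {sso_domain}")

    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if AUDIENCE not in audiences:  # exact, case-sensitive match
        problems.append(f"Audience {audiences} does not include {AUDIENCE!r}")

    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if ACS_URL not in recipients:
        problems.append(f"Recipient {recipients} does not include the ACS URL")

    return problems


if __name__ == "__main__":
    for line in check_assertion(SAMPLE, "example.com") or ["assertion fields match"]:
        print(line)
```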
Logging in with SSO
Direct your team to app.lumicast.com/login/sso. They enter their work email and are redirected to your IdP automatically. The standard email/password login page still works for accounts not covered by SSO.