Learn how to Configure SSO in the Lumu MSP Portal using CyberArk by following this article.

Requirements

Before you can configure Single Sign-On (SSO) integration with the Lumu Portal using CyberArk, ensure that you have the following:

• Administrator access to your CyberArk portal.
• Lumu Support has provided you with the necessary instructions and requirements for configuring SSO with CyberArk.

CyberArk Settings

Log in to the CyberArk admin portal and do the following:

1. Click on Web Apps located in the left menu, and then click on Add Web Apps in the top-right corner.

2. On the modal window, go to the Custom tab and look for the SAML option, and click on Add.

3. Open the newly created SAML app, go to the Trust menu, gather the following information and share it with Lumu Support:

• IdP Entity ID / Issuer
  

• Download the Signing Certificate

• Single Sign On URL

4. Scroll down to the Service Provider Configuration section. Then, add the following URL https://managed.lumu.io/api/v1/users/saml/auth in the Assertion Consumer Service (ACS) URL field, and for NameID Format select emailAddress.

5. In the left-hand menu, go to Permissions and add the users who should be allowed to use the SAML application:

6. Once all configurations are complete, deploy the SAML app to make it available to authorized users.

After collecting and sharing the required information with Lumu Support, they will complete the configuration on their end. Once the SSO is fully set up, users will be able to log in to the Lumu Portal via CyberArk. keep in mind that the information you must share is listed in the step 3, and it is the following:

1. Idp Entity ID/Issuer
   
2. Downloaded Signing Certificate
   
3. Single Sing On URL

If you encounter any issues or have questions during the configuration process, contact Lumu Support for assistance.