At Lucid, we have taken the phrase “A picture is worth a thousand words” to a whole new level. Our flagship product, Lucidchart, helps individuals and businesses to work visually. By creating flowcharts, org charts, network diagrams, ERDs, UML diagrams, and other visuals, our users drive clarity, break down complex ideas, and bring to light unexplored insights.
While Lucidchart benefits individual users, our visual productivity platform becomes even more powerful when teams work together. (After all, the lack of collaboration in other diagramming software led our founder, Ben Dilts, to create the product in the first place.) On average, teams using Lucidchart are 31% more productive and 38% more transparent. They hold 2.5 fewer meetings and send 4.6 fewer emails per week.
Once larger companies see the value that Lucidchart can provide, they often consolidate their users into an Enterprise account and roll out Lucidchart to more employees. We wanted to make the process easier for administrators to allocate their licenses and allow employees to work visually—and that’s when we developed a SCIM integration through OneLogin.
We understand that Lucidchart is just one of many cloud-based apps that our customers use every day. The reality of the modern workplace is that employees, from the moment they join an organization, need access to several applications to get any work done, which often leaves administrators bouncing from console to console to extend licenses.
SCIM provides a single interface for admins to provision multiple applications. Our SCIM integration in particular allows administrators to provide groups of employees with full Lucidchart licenses or view-only access in significantly less time.
Many of our customers used single sign-on through OneLogin, so it made sense to make them part of our first release of the SCIM integration over a year and a half ago. As Monika Gilmore, a product manager at Lucid, explained, “OneLogin was already using SCIM, so we decided that SCIM would be a great way for our customers using OneLogin sign-in to onboard faster and easier.”
How we implemented SCIM
Our first consideration when implementing SCIM was, of course, security. SCIM providers like OneLogin use bearer tokens to authenticate the application. Essentially, an Enterprise admin will log into Lucidchart and request a bearer token, we provide the bearer token in plain text over HTTPS, and the Enterprise admin will enter the bearer token into the Lucidchart app on OneLogin.
However, if a bearer token leaks, we have no way to tell legitimate requests from illegitimate ones. To limit the impact, the bearer tokens we issue can only be used to authenticate SCIM requests; they cannot be used to view, edit, or delete documents. If a token is ever compromised, we’ve made it so the attacker is unable to do much damage.
As we implemented SCIM, we also faced a unique challenge regarding account types. In addition to paid licenses with full editing privileges, Lucidchart Enterprise account owners can extend view-only licenses to the entire organization free of charge. These administrators had to be able to choose whether new users were provisioned a full license or a view-only license.
To add this functionality, we created a custom field labeled “Can Edit” and a corresponding field on the OneLogin app. We instruct our users to provision all employees with Lucidchart accounts—so important company documentation can be easily available to anyone—and enable the “Can Edit” field for those who need to create documents.
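The two design points above, a SCIM-only bearer token and a custom “Can Edit” attribute that selects the license type, can be sketched in a small request handler. This is an added example, not Lucidchart’s or OneLogin’s code; the token store, the `/scim/v2/` path prefix, the extension URN and the `canEdit` attribute name are assumptions, since the post names the field but not its schema.

```python
import hmac

# Constructed token store for the example: token -> owning Enterprise account.
# Every token issued here is valid for SCIM provisioning only (assumption:
# a real store would hold a hash of the token rather than the token itself).
TOKENS = {"tok-scim-constructed": {"account": "acme"}}

CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
# Hypothetical URN for the custom "Can Edit" attribute (placeholder value).
CAN_EDIT_EXT = "urn:example:params:scim:schemas:extension:lucidchart:2.0:User"

# Constructed SCIM payload as an IdP such as OneLogin might send it.
SAMPLE_EDITOR = {
    "schemas": [CORE_USER, CAN_EDIT_EXT],
    "userName": "ada@example.com",
    CAN_EDIT_EXT: {"canEdit": True},
}


def authenticate(auth_header):
    """Return the token record for a 'Bearer <token>' header, else None."""
    if not auth_header or not auth_header.startswith("Bearer "):
        return None
    presented = auth_header[len("Bearer "):]
    for token, record in TOKENS.items():
        # Constant-time comparison so a wrong guess leaks nothing via timing.
        if hmac.compare_digest(token, presented):
            return record
    return None


def provision_user(account, user):
    """Create a user; the 'Can Edit' extension selects full vs view-only."""
    if CORE_USER not in user.get("schemas", []) or "userName" not in user:
        return 400, {"detail": "missing core User schema or userName"}
    # Anything other than a literal true (absent, null, "true") means view-only.
    can_edit = user.get(CAN_EDIT_EXT, {}).get("canEdit") is True
    license_type = "full" if can_edit else "view-only"
    return 201, {"account": account, "userName": user["userName"], "license": license_type}


def handle(path, auth_header, body=None):
    """Route a request; SCIM tokens are honoured only on SCIM endpoints."""
    record = authenticate(auth_header)
    if record is None:
        return 401, {"detail": "invalid bearer token"}
    if not path.startswith("/scim/v2/"):
        # Scope enforcement: a leaked SCIM token cannot reach document APIs.
        return 403, {"detail": "token is limited to SCIM provisioning"}
    if path == "/scim/v2/Users":
        return provision_user(record["account"], body or {})
    return 404, {"detail": "unknown SCIM resource"}
```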
For more information on how we implemented SCIM, check out this blog post from our director of software engineering.
Since Lucidchart aims to simplify complex ideas and drive clarity in the modern workplace, we didn’t want the process of allocating licenses to be difficult—we’re glad that, through OneLogin and other identity providers, we’ve been able to simplify the setup process and allow companies to work visually with ease.