First 24 Hours (F24H) Wizard (For Tenant Administrator)

When creating your Lazsa Platform tenant, Calibo designates a Tenant Administrator by using the email address you provide. This Tenant Administrator becomes the first user to sign in to Lazsa's First 24 Hours (F24H) Wizard . A Tenant Administrator is responsible for the initial setup of an organization's Lazsa Platform environment by using the F24H Wizard. This involves configuring user authentication, adding users to the platform, and assigning one or more administrators to manage the platform.

To complete the configuration in the F24H Wizard, follow these steps. Expand each dropdown to read the details.

After you sign up for a Lazsa account (Trial or Production subscription), you (as a Tenant Administrator) receive a welcome email on your registered email address. The email asks you to verify your email address.

Verify your registered email address

Click the Verify Email Address button.

After your email address is verified, the process of your tenant creation is initiated. This may take some time.

After your tenant is created successfully, you receive a notification email with a link to create your Lazsa Platform password.

Email with a link to set Lazsa Password

  1. Click Reset Password. This takes you to the screen to set a password for your Lazsa Platform account.

  2. Enter a strong password and retype it to confirm.

    Your password must meet the following requirements:

    • It must be 8 to 20 characters long.

    • It must contain at least:

      • One numeric digit (0-9).

      • One uppercase letter (A-Z).

      • One lowercase letter (a-z).

      • One special character from the following: !@#$%^&()+=*.

  3. Click Create New Password.

    This takes you to the sign-in screen of the Lazsa Platform. Do the following:

    1. Enter your registered email address and click Proceed.

    2. Enter your password, and click Sign In.

      You can use the Forgot Password link to reset your password.

After you sign in to the Lazsa Platform, read and accept the End User License Agreement (EULA).

Accept End User License Agreement

Accepting EULA takes you to the welcome screen of the First 24 Hours (F24H) wizard. As a Tenant Administrator, you perform the initial configuration tasks in the F24H wizard to set up the Lazsa Platform for you and other users in your organization. These tasks include configuring single sign-on (SSO) for the Lazsa Platform by using your preferred identity provider, importing users from your IdP or adding them manually to the Lazsa Platform, and choosing one or more Tenant Administrators.

On the welcome screen of the F24H Wizard, click Get Started.


As a first step, select the type of user authentication you want to use when users sign in to the Lazsa Platform. Choose between Federated Authentication and Platform-Managed Authentication and then click Proceed. Federated Authentication allows you to integrate an external identity provider, such as Microsoft Active Directory or Azure Active Directory, to manage user authentication via Single Sign-on (SSO). Alternatively, with Platform-Managed Authentication, Lazsa handles the entire authentication process directly.

Based on the authentication type you choose, refer to the steps mentioned in the respective sections. Expand each dropdown to read the details:

Selecting type of authentication in F24H Wizard

In this authentication method, users can sign in to the Lazsa Platform by using credentials managed by an external identity provider (such as Microsoft Active Directory or Azure Active Directory). Once the user’s identity is verified by the external identity provider and user authentication is successful, the user gets access to the platform without needing any separate credentials. This approach relies on establishing a trust relationship between the platform and the identity provider, allowing for secure Single Sign-On (SSO).

Currently, we support the following identity provider solutions. Choose your configured identity provider, click Proceed, and based on your selection, perform the steps as mentioned in the respective sections.

Choose identity providerto configure SSO

Before you configure user authentication by using Microsoft Active Directory, make sure you complete the following prerequisites:

Download the AD FS Federation Metadata XML document from the AD FS management console

To configure SSO using Microsoft Active Directory, you need the Active Directory Federation Services (AD FS) Federation Metadata XML document. This document contains all the information required by the Lazsa Platform to contact the AD FS server. To download the federation metadata XML, do the following:

  1. Sign in to the ADFS server and open the management console.

  2. In the AD FS folder in the left pane, expand Services and click Endpoints.

  3. In the Metadata section, locate the entry of the type Federation Metadata with the URL path ending in /federationmetadata/2007-06/federationmetadata.xml. Copy this URL.

  4. Append your domain to the copied URL. The URL format should look like this: https://{domain-name}/federationmetadata/2007-06/federationmetadata.xml

  5. Paste the adjusted URL into a browser’s address bar and press Enter.

  6. Download the file and save it to your computer.

To configure user authentication by using Microsoft Active Directory, do the following:

In this section, you enable Single Sign-on (SSO) by providing the SAML configuration details of Microsoft Active Directory. This allows users to securely sign in to the Lazsa Platform by using their existing credentials via SSO. Do the following:

  1. Configure SSO by using one of the following options:

    • Configure Manually
      Enter the following parameters manually:
      • Single Sign-on Service URL: The URL where authentication requests are sent.
      • Single Logout Service URL: The URL to handle single logout requests.
      • X.509 Certificate: The certificate that validates SAML messages from Microsoft Active Directory.

        • Enter SAML Configuration Details Manually

    • Import from URL
      Enter the URL of the AD FS Federation Metadata XML file and click Import. Details such as your Single Sign-on Service URL, Single Logout Service URL, and X.509 Certificate are auto-populated after you import the XML file.

      Import SAMLConfiguration Details from URL

    • Import from IdP Metadata File
      Upload the AD FS Federation Metadata XML document and click Import. Details such as your Single Sign-on Service URL, Single Logout Service URL, and X.509 Certificate are auto-populated after you import the document.

  2. Click Proceed.

You can either import users from Microsoft Active Directory via LDAP or manually add users to the platform. On the Import/Add users screen, do one of the following:

Import users from Active Directory or add them manually

  1. Click Import Users
    On the Import/Add Users screen, click Import Users and then click Proceed.

    Note:

    Before you try importing users from Microsoft Active Directory, make sure you are connected to your enterprise Virtual Private Network (VPN).

  2. Provide LDAP Connection Details
    Enter the following details to establish the connection:

    • LDAP Server Address: The IP address or host name of your organization's LDAP server.

    • Bind DN: The Distinguished Name (DN) that is used to bind and authenticate with the LDAP server.

    • Bind Password: The password for the Bind DN.

  3. Test the LDAP Connection
    Click Test Connection to validate the connection details that you have configured. This ensures that Lazsa can communicate with your Active Directory and fetch user data.

  4. Configure & Import Users
    Click Configure & Import Users to proceed.

  5. Select Users to Add to the Platform
    A list of users imported from Microsoft Active Directory is displayed. Select the appropriate boxes for the users you want to add to the Lazsa Platform. In the search box, you can search for a user by their name or email address. Additionally, you can apply a country filter to narrow down the results.
    Select users to add to the Lazsa Platform

    Note:

    A user can be activated only on one Lazsa Platform tenant at a time. If a user is already activated on another tenant, you cannot select them. To add the user to a new tenant, you must first deactivate or offboard them from their current tenant.

    After you select all the intended users, click Proceed. It's time to choose Tenant Administrators.

 

To add users manually, do the following:

  1. On the Import/Add Users screen, click Add Users Manually, and click Proceed.
  2. On the Specify Your Domain screen, enter the domain name for which you have configured SSO.
    If you enter any other domain here, SSO for the Lazsa Platform will fail.
  3. Click Proceed.
  4. On the Add Users to the Platform screen, click Add Users.
  5. In the side drawer, enter the user details, including their first name, last name, a valid email address, and select the country. Then, click Add.

    Adding users manually in F24H Wizard

  6. After you add all the intended users, click Proceed. It's time to choose Tenant Administrators.

On the Select Administrators screen, in the search box, you see all the users that you added in the previous step. Start typing the name of the user you want to designate as a Tenant Administrator. After you select all the intended administrators, click Add to the Platform.

Select platform administrators from the list of chosen users

The Platform Users screen displays the list of all the administrators and users you chose to add to the Lazsa Platform in the previous steps. The details such as each user's name, email address, and country are displayed. The Status column indicates whether the user was successfully added or if there was an issue. In case of failure, review the error messages and take the necessary action.

You can go back to the previous screen to make any changes or click Configure to finish adding users to the Lazsa Platform.

List of Lazsa Platform administrators and users

After you click Configure in the previous step, the SSO configuration in the Lazsa Platform interface is complete and the federation metadata file is available for download.

To complete the SSO configuration in Microsoft Active Directory, download and save the federation metadata XML file.

Create a relying party trust in the Active Directory Federation Services (AD FS) Management Console by using the downloaded XML file. This establishes a trust relationship between the Lazsa Platform and your Active Directory Federation Services (AD FS) instance. This trust allows AD FS to authenticate users on behalf of the Lazsa Platform. For more details, see Creating a Relying Party Trust in the AD FS Management Console.

  1. After you create the AD FS relying party trust for the Lazsa Platform successfully, on the screen from where you downloaded the federation metadata XML file, in the Validate Single Sign-on section, click Validate.

    Click Validate to initiate SSO validation

  2. This takes you to the Lazsa Platform sign-in screen. Use SSO credentials for user authentication. After a successful authentication redirection and SSO validation, the following success message is displayed.

    SSO validation successful for Lazsa Platform

  3. Return to the SSO configuration screen and click the Refresh icon to complete your SSO configuration.

  4. After you see the message confirming that your SSO validation is successful, click Finish to complete the configuration in the F24H wizard.

    5. Note:

    After you click Finish and exit the F24H wizard, the credentials using which you signed in to the F24H wizard will not work anymore. The administrator that you selected in the earlier step can sign in to the Lazsa Platform by using SSO credentials, add more users to the platform, and perform other administrative tasks.

Before you select this option, make sure you complete the following prerequisites:

  • Azure Active Directory is configured

    Azure AD must be set up and linked to your organization’s cloud environment. This involves creating a directory in the Azure AD portal and integrating it with your organization's identity management processes.

  • Application is registered in the Azure AD portal

    You need to register Lazsa as an application in Azure AD. This process generates a unique application identity, which allows Lazsa to interact securely with Azure AD for authentication purposes. During registration, you need to define settings like redirect URIs, permissions, and user assignments.

  • Fetch Tenant ID, Client ID, and Client Secret of the registered application from Azure AD portal

    • Tenant ID: A unique identifier for your Azure AD directory (tenant). This value is needed to establish a connection between Lazsa and your Azure AD instance.

    • Client ID: Also known as the application ID, this is generated when you register your application in Azure AD. It uniquely identifies the registered application.

    • Client Secret: This is a secret key generated in Azure AD that acts like a password for the application. It’s required to authenticate Lazsa during the SSO process.

  • Add mandatory API permissions to the application in Azure AD:

    • User.Read (Default): This permission allows Lazsa to read the basic profile information of the signed-in user (such as name and email).

    • User.Read.All (Type – Application): This permission is required for Lazsa to read the profiles of all users within the Azure AD directory. It is essential for managing user access and importing users into the Lazsa platform.

To configure user authentication by using Azure Active Directory, do the following:

  1. On the Configure Azure Active Directory screen, enter the values for the following fields that you fetched in the Prerequisites section:

    • Tenant ID
    • Client ID
    • Client Secret
      Configuring Azure Active Directory connection details
  2. Click Test Connection to validate the connection details that you have configured.
  3. Click Proceed.

You can either import users from Azure Active Directory or manually add users to the platform. On the Import/Add users screen, do one of the following:

  1. Click Import Users
    On the Import/Add Users screen, click Azure Active Directory, and then click Proceed.

  2. Select Users to Add to the Platform
    A list of users imported from Azure Active Directory is displayed. Select the appropriate boxes for the users you want to add to the Lazsa Platform. In the search box, you can search for a user by their name or email address. Additionally, you can apply a country filter to narrow down the results.

    Select users to add to the Lazsa Platform

    Note:

    A user can be activated only on one Lazsa Platform tenant at a time. If a user is already activated on another tenant, you cannot select them. To add the user to a new tenant, you must first deactivate or offboard them from their current tenant.

    After you select all the intended users, click Proceed. It's time to choose platform administrators.

To add users manually, do the following:

  1. On the Import/Add Users screen, click Add Users Manually.

    Add Azure Active Directory users manually
  2. On the Specify Your Domain screen, enter the domain name for which you have configured SSO.

    If you enter any other domain here, SSO for the Lazsa Platform will fail.
  3. Click Proceed.

  4. On the Add Users to the Platform screen, click Add Users.
  5. In the side drawer, enter the user details, including their first name, last name, a valid email address, and select the country. Then, click Add.
    Enter user details to add them manually

    Note:

    A user can be activated only on one Lazsa Platform tenant at a time. If a user is already activated on another tenant, you cannot add them. To add the user to a new tenant, you must first deactivate them from their current tenant.


  6. After you add all the intended users, click Proceed. It's time to choose platform administrators.

On the Select Administrators screen, in the search box, you see all the users that you added in the previous step. Start typing the name of the user you want to designate as an administrator. After you select all the intended administrators, click Add to the Platform.

The Platform Users screen displays the list of all the administrators and users you chose to add to the Lazsa Platform in the previous steps. The details such as each user's name, email address, and country are displayed. The Status column indicates whether the user was successfully added or if there was an issue. In case of failure, review the error messages and take the necessary action.

You can go back to the previous screen to make any changes or click Configure to finish adding users to the Lazsa Platform.

List of Lazsa Platform administrators and users

After you click Configure in the previous step, the SSO configuration in the Lazsa Platform interface is complete and a redirect URI is available. Copy this URI and add it to the registered application (mentioned in the prerequisites) in the Azure Active Directory portal. It is the Lazsa Platform URL where Azure Active Directory must send authentication responses after successfully verifying a user’s identity. After you add the redirect URI to Azure AD, the SSO setup is complete.

  1. After you add the redirect URI to your registered app in Azure AD, come back to the Lazsa F24H Wizard screen from where you copied the redirect URI, and in the Validate Single Sign-on section, click Validate.

    Click Validate to initiate SSO validation

  2. This takes you to the Lazsa Platform sign-in screen. Use SSO credentials for user authentication. After a successful authentication redirection and SSO validation, the following success message is displayed.

    SSO validation successful for Lazsa Platform

  3. Return to the SSO configuration screen and click the Refresh icon to complete your SSO configuration.

  4. After you see the message confirming that your SSO validation is successful, click Finish to complete the configuration in the F24H wizard.

    5. Note:

    After you click Finish and exit the F24H wizard, the credentials using which you signed in to the F24H wizard will not work anymore. The administrator that you selected in the earlier step can sign in to the Lazsa Platform by using SSO credentials, add more users to the platform, and perform other administrative tasks.

If you choose this option, the Lazsa Platform manages user authentication for you. Do the following:

  1. On the Add Domains screen, add the domains from which you want to add users to the Lazsa Platform.



    Specify domains from which you want to add users to Lazsa

  2. Click Proceed.

  3. On the Add Users screen, click Add Users Manually, and then click Proceed.

  4. On the Add Users to the Platform screen, click Add Users.

  5. In the side drawer, enter the user details, including their first name, last name, a valid email address, and select the country. Then, click Add.


    Note:

    The email address of a user must belong to the domain you specify earlier. This restriction ensures that only users from approved domains can be added to the platform.



    Note:

    A user can be activated only on one Lazsa Platform tenant at a time. If a user is already activated on another tenant, you cannot add them. To add the user to a new tenant, you must first deactivate or offboard them from their current tenant.


  6. After you add all the intended users, click Proceed. It's time to select administrators.

  7. On the Select Administrators screen, in the search box, you see all the users that you added in the previous step. Start typing the name of the user you want to designate as an administrator. After you select all the intended administrators, click Add to the Platform.

  8. The Platform Users screen displays the list of all the administrators and users you chose to add to the Lazsa Platform in the previous steps. The details such as each user's name, email address, and country are displayed. The Status column indicates whether the user was successfully added or if there was an issue. In case of failure, review the error messages and take the necessary action.

    You can go back to the previous screen to make any changes, or click Configure to finish adding users to the Lazsa Platform

  9. Click Finish.

    With this, the configuration for user authentication managed by the Lazsa Platform is complete.

    Note:

    After you configure the platform-managed user authentication, the credentials using which you signed in to the F24H wizard will not work anymore. The administrator that you selected in the earlier step receives an email to create a password for their Lazsa Platform account. With this password, the administrator can sign in to the Lazsa Platform, activate the users already added through the F24H Wizard, add other users to the platform, and perform the other administrative tasks.

With these steps, you can complete the initial configuration for your Lazsa Platform tenant. After this configuration is complete, users can sign in to the Lazsa Platform using SSO credentials or dedicated platform credentials, depending on the authentication options configured in the F24H Wizard. Tenant Administrators can get started with administrative tasks such as adding and activating more users, creating and managing roles, configuring global settings, creating and managing teams, and configuring cloud platforms, tools, and technologies required by teams for product development and data engineering, among others. Depending on the roles assigned by the administrator, other users can start working on product development tasks, building data pipelines, working with release trains and monitoring dashboards , among others.

Related Topics Link IconRecommended Topics

What's next? Platform Setup