Set up an external SAML2 Identity Provider
Setting up an external SAML login with any third-party identity provider requires establishing a trusted relationship between Fusion and the third-party identity provider.
Configuring Fusion with an external SAML2 Identity Provider (IdP)
Following these steps will enable you to set up an external SAML2 identity provider with Strivacity (and your application).
1) Start by logging into the Admin Console using an admin account.
2) From the left-hand menu, select External Login, then Enterprise Login.
3) From the Enterprise Login screen, click the + Create Enterprise Login button from the top right hand corner.
4) From the Create Enterprise Login Provider screen, click the SAML icon.
5) The Create SAML Login Provider screen will now be displayed.
The table below provides guidance on how to complete and use these fields on the General tab:

| Field | Description |
| --- | --- |
| Name | Define a name for this Enterprise SAML Login Provider. This name is used to refer to this provider throughout Strivacity. |
| Description | Define a description to help other admins understand what this provider is used for. |
| Entity ID | The Entity ID is automatically generated when you save the Application at the end of this process. This is the primary identifier used by your application to trust Fusion when it performs any services on its behalf (such as authentication). This value is public. |
| Login Button Text | The text displayed on the login button on the log-in screen. If no custom text is entered here, the provider name is used. |
| URL | Set the URL to load SAML XML Metadata from. This URL must be publicly accessible and served by the desired IdP. |
| File | Upload a file to load SAML XML Metadata from. This file is typically obtained from the desired IdP's admin interface. |
| Metadata Preview | Presents a high-level preview of the SAML XML Metadata that was loaded. This is useful for double-checking that the desired IdP's metadata has been loaded properly. |
| Force Authentication | Instruct the desired IdP to force user interaction and not reuse authentication state from a previous authentication (sets ForceAuthn to true in the SAMLRequest). |
| NameID Format | Specify the Name Identifier Format that will be presented within the SAMLRequest. This is a hint to the IdP as to how the primary identifier should be formatted. |
| Protocol Binding | Determine whether the SAML parameters are sent as a query string (HTTP-Redirect) or in the body of a POST (HTTP-POST). The binding must be agreed upon between the IdP and SP configuration settings. |
| Customer Data Handling | If you choose to synchronize and store any profile data at each login, Fusion will retrieve and store this information. It will be visible to the customer in the My Account page and to any admin managing the customer identity. |
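To make the General-tab settings concrete, the following Python is an added illustration and not Strivacity or Fusion code: it shows what a Metadata Preview has to extract from IdP metadata, where Force Authentication and NameID Format land in the SAMLRequest, and how the Protocol Binding changes the way that request is transmitted. The IdP metadata, hostnames and request ID are constructed, and the helper functions are assumptions, not any product API.

```python
import base64
import xml.etree.ElementTree as ET
import zlib
from urllib.parse import urlencode

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BINDINGS = {"Redirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
            "POST": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"}

# Constructed IdP metadata (not a real IdP), the kind of document the URL or File field loads.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://idp.example.test/sso/redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def preview_metadata(xml_text):
    """What a Metadata Preview should surface: the IdP entityID and its SSO endpoint per binding."""
    root = ET.fromstring(xml_text)
    services = root.findall("md:IDPSSODescriptor/md:SingleSignOnService", NS)
    return {"entity_id": root.get("entityID"),
            "sso": {s.get("Binding"): s.get("Location") for s in services}}

def build_authn_request(sp_entity_id, idp, binding, nameid_format, force_authn):
    """Build the SAMLRequest XML; refuse a binding the IdP metadata does not advertise."""
    destination = idp["sso"].get(BINDINGS[binding])
    if destination is None:
        raise ValueError(f"IdP advertises no SSO endpoint for HTTP-{binding}")
    for prefix in ("samlp", "saml"):
        ET.register_namespace(prefix, NS[prefix])
    req = ET.Element(f"{{{NS['samlp']}}}AuthnRequest", {
        "ID": "_constructed-1", "Version": "2.0", "IssueInstant": "2024-01-01T00:00:00Z",
        "Destination": destination,
        # Force Authentication toggle: ForceAuthn="true" tells the IdP not to reuse a session.
        "ForceAuthn": "true" if force_authn else "false"})
    ET.SubElement(req, f"{{{NS['saml']}}}Issuer").text = sp_entity_id  # the SP's Entity ID
    # NameID Format is only a hint about how the IdP should shape the subject identifier.
    ET.SubElement(req, f"{{{NS['samlp']}}}NameIDPolicy", {"Format": nameid_format})
    return ET.tostring(req, encoding="unicode")

def encode_for_binding(request_xml, destination, binding):
    """Protocol Binding: Redirect puts a deflated request in the query string, POST in a form body."""
    if binding == "Redirect":
        raw = zlib.compress(request_xml.encode())[2:-4]  # strip zlib header/trailer -> raw DEFLATE
        return destination + "?" + urlencode({"SAMLRequest": base64.b64encode(raw).decode()})
    return {"action": destination, "SAMLRequest": base64.b64encode(request_xml.encode()).decode()}
```

Because the constructed metadata only advertises an HTTP-Redirect endpoint, asking for the POST binding fails at request-building time, which is the mismatch the Protocol Binding row warns about.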
6) Once completed, click the Save button. You will now be able to view the Claim Mappings tab, where you can edit and add any additional claims for this SAML2 integration.
7) Once you've made any changes to Claim Mappings, you're ready to copy the EntityID from your third-party application and paste the respective values into the ClientID and Client Secret fields. Click Save.
Fusion will use the User (Read) attributes of the customer's profile. If you choose to synchronize and store any account profile data at each login, Fusion will retrieve and store this information. It will be visible to the customer in the My Account page and to any admin managing the customer identity.