Setup a SAML2 Integration
Learn how to set up a SAML integration with Fusion, providing your customers with single sign-on to any other applications that you may want them to use.

Learn How To:

1) Setup an Application Policy within Fusion (using SAML2)

To create an Application, follow these simple steps.
1) Start by logging into the Admin Console using an admin account.
2) From the left-hand menu, select Applications.
3) If you're just getting started with Fusion then the applications list will be empty. If any existing applications have been configured then they will be listed here.
4) To create a new application, click the + Create Application button in the top right-hand corner, as shown below:
5) The Create Application page will now be displayed, as shown below:
6) The table below provides guidance on how to complete the General fields required to create an application. After completing these fields, you will also need to complete Application settings for either OAUTH2/OIDC or SAML. For more information on SAML see Setup a SAML Integration.
| Field Name | Description |
| --- | --- |
| Name | Define a name for this application. This name is displayed in the Applications listing and used to refer to this Application throughout Fusion. |
| Description | You can use this field to add any description or useful information that you may need for your Application. |
7) Next, you have the option to complete the Application Properties fields that are required to create a SAML Application integration. Because Fusion ships with many best-practice defaults, you can configure only the Website URL field and click the Save button to complete setup of your application.
The table below provides guidance on how to complete these fields:
| Field Name | Description |
| --- | --- |
| Identity Store | Here is where you can choose which Identity Store you would like to use with this application. This is where any customer identities will be created and stored, or would authenticate from. |
| Adaptive MFA Policy | Here is where you can choose which Adaptive MFA Policy you would like to use with this application. See Setup and Manage Adaptive MFA for more information on creating your own. |
| Self-Service Policy | Here is where you can choose which Self-Service Policy you would like to use with this application. See Setup and Manage Self-Service for more information on creating your own. |
| Branding Policy | Here is where you can choose which Branding Policy you would like to use with this application. See Using Your Own Logo and Color Scheme for more information on creating your own branding policy. |
| Notification Policy | Here is where you can choose which Notification Policy you would like to use with this application. See Setup and Manage Notification Policies for more information on customizing your own customer notifications. |
| Website URL | This is an optional field where you can specify the URL to a page in your website or application that the customer is redirected back to using the 'Back to Website' links through the customer facing user interfaces. |
8) Next, if necessary, you can change the session inactivity timeout. At 168 hours (7 days) by default, this is the length of time that the customer's session will persist without activity. After this duration, the customer will be forced to re-authenticate using their password.
9) Next, you can optionally select any Social and Identity Providers for use with this application. See Setup and Manage Social Logins for further information on how to set them up.
10) Lastly, you can choose to configure any Consent Management options for this Application. For further information on setting up Consent Statements see Creating a Consent (if you do not have any created yet) or Assigning a Consent to an Application.
11) Once you've made any configuration changes to the Application Properties, click 'Save' to move on to configuring the SAML specific Application settings below.

Setup SAML2 Application Properties

1) Next, click the SAML2 Tab. The SAML2 Application properties screen will be displayed, as shown below:
Here is where you will complete all of the SAML2 specific settings for integration with your SAML2 Application. To configure SAML2 for this application, select 'Enabled'.
2) The table below provides guidance on how to complete these fields:
| Field Name | Description |
| --- | --- |
| Entity ID | The Entity ID is automatically generated by Fusion when you save the Application at the end of this process. This is the primary identifier used by your application to trust Fusion when it performs any services on its behalf (such as authentication). This is public. |
| Enabled | The Client Secret is automatically generated by Fusion when you save the Application at the end of this process. This is a secret used by your application to trust Fusion when it performs any services on its behalf (such as authentication). This should be kept private. |
| Assertion Consumer Service (ACS) URLs | The ACS URL is the endpoint on the application (Service Provider) where Fusion (the Identity Provider) will redirect to with its authentication response. |
| Default ACS URL | Fusion uses RS256 as the default algorithm for signing the JSON Web Tokens (JWTs). RS256 generates and uses an asymmetric signature. |
| Login URL | Here is where you configure the landing page for your application. This is where the user will end up once they finish logging in through Strivacity Fusion. For example https://yourwebsite/loginpage. Note: The Fusion hosted login page is not an entry point to the customer authentication flow. |
| Dialect | Here is where you can specify the claim dialect that is used by this Application. Depending on the SAML2 application and its preferred claim mapping you will need to select urn:oasis:names:tc:SAML2:2.0:attrname-format.ur or http://schemas.xmlsoap.org/ws/2005/05/identity. If you are unsure, please consult the application owner/vendor. |
| Metadata | Here you can download the Metadata for this Identity Provider. Some applications (Service Providers) may request this information when setting up with Fusion. |
3) Once you have completed all of these fields, click Save to complete the setup of the Application policy for your SAML2 application.
4) After saving the SAML2 configuration for this application, you will also have the option of downloading the Metadata XML file to assist with integration with the target SAML2 application (service provider).

2) Well Known URLs

Use the table below to quickly find the well-known URLs for your Fusion instance.

| Name | URL |
| --- | --- |
| Well Known SAML2 Metadata | /.well-known/saml2/metadata |