Set Up an External SAML2 Identity Provider
Setting up an external SAML login with any third-party identity provider requires establishing a trusted relationship between Fusion and the third-party identity provider.

Configuring Fusion with an External SAML2 Identity Provider (IdP)

Following these steps will enable you to set up an external OIDC identity provider with Fusion (and your application).
1) Start by logging into the Admin Console using an admin account.
2) From the left-hand menu, select External Login, then Enterprise Login.
3) From the Enterprise Login screen, click the + Create Enterprise Login button in the top right-hand corner.
4) From the Create Enterprise Login Provider screen, click the SAML icon, as shown below:
5) The Create SAML Login Provider screen will now be displayed, as shown below:
The table below provides guidance on how to complete and use these fields on the General tab:
| Field Name | Description |
| --- | --- |
| Name | Define a name for this Enterprise OIDC Login Provider. This name is used to refer to this provider throughout Fusion. |
| Login Button Text | This is the text that is displayed on the login button on the log-in screen. If no custom text is displayed here then the name will be used. |
| Description | Define a description to help other Fusion admins understand what this provider is used for. |
| Entity ID | The Entity ID is automatically generated by Fusion when you save the Application at the end of this process. This is the primary identifier used by your application to trust Fusion when it performs any services on its behalf (such as authentication). This is public. |
| URL | Set the URL to load SAML XML Metadata from. This URL must be publicly accessible via the desired IdP. |
| File | Upload a file to load SAML XML Metadata. This file is typically obtained from the desired IdP's admin interface. |
| Metadata Preview | Presents a high-level preview of the SAML XML Metadata that was loaded. This is useful for double-checking that the desired IdP's Metadata has been loaded properly. |
| Force Authentication | Instruct the desired IdP to force user interaction and not reuse authentication state from a previous authentication (sets ForceAuthn to true in the SAMLRequest). |
| NameID Format | Specify the Name Identifier Format that will be presented within the SAMLRequest. This is a hint to the IdP as to how the primary identifier will be formatted. |
| Protocol Binding | Determine if the SAML parameters are sent as a query string, or in the body of a POST. These settings typically must be agreed upon between the IdP and SP configuration settings. |
| Customer Data Handling | If you choose to synchronize and store any profile data at each login, then Fusion will retrieve and store this information, which will be visible to the customer in the My Account page and to any Fusion Admins when managing the customer identity. |
6) Once completed, click the Save button. You will now be able to view the Claim Mappings tab, and edit and add any additional claims for this SAML2 integration.
7) Once you've made any changes to Claim Mappings, you're ready to copy the EntityID from your third-party application, and paste the respective values into the ClientID and Client Secret fields. Click Save.
Fusion will use the User (Read) attributes of the customer's profile. If you choose to synchronize and store any account profile data at each login, then Fusion will retrieve and store this information, which will be visible to the customer in the My Account page, and to any Fusion Admins when managing the customer identity.