Back to Home PageView SDKs on GithubView APIs in ReadmeSystem Status
Search…
Prague
Strivacity Fusion: Prague Release
SUPPORT INFORMATION
Raising a Support Ticket
Security Vulnerability Response
Reporting a Security Issue
Our Service Level Commitment
Getting Started
Overview
Product Components
Pre-Configured Best Practices
Using the Dashboard
Overview
APIs
Using the REST APIs
Adaptive APIs
Administrative APIs
Anonymous Visitor and Consent APIs
Authentication APIs
Customer Lifecycle APIs
Customer Self-Service APIs
API security policy
Setup and Manage
Adaptive Multi-factor Authentication
Claim Dialects
Consent Management
Enterprise Login
Setup an External OIDC Identity Provider
Setup and External SAML2 Identity Provider
Identity Stores
Password Polices
Integrate Your Applications
Lifecycle Event Hooks
Notification Policies
Self-service
Rebranding and Customization
Using Your Own Brand, Logos, and Color Schemes
Using Multiple Custom Domain Names
Customizing Email Templates
Customizing SMS Templates
Rebranding the Admin Console
Localization
Managing Accounts and Groups
Overview
Creating an Account
Editing an Account
Delete an Account
Enable/Disable an Account
Creating a Group
Deleting a Group
Managing Group Membership
Configuration
Admin Roles
Admin Adaptive MFA
Admin Branding
Admin Notifications
Admin Users
General
Logging
REST API Access Policies
Integrations
CRM, CDP, and Marketing
External identity providers
Passwordless
Identity proofing
Productivity
Security
Social Login
Developer SDKs
Overview
Android Mobile SDK
iOS Mobile SDK
Architecture and Deployment
Rate Limiting
Brute-force Protections
Regional Availability
Powered By GitBook
Setup and External SAML2 Identity Provider
Setting up an external SAML login with any third-party identity provider requires establishing a trusted relationship between Fusion and the third-party identity provider.

Configuring Fusion with an External SAML2 Identity Provider (IdP)

Following these steps will enable you to setup an external OIDC identity provider with Fusion (and your application).
1) Start by logging into the Admin Console using an admin account.
2) From the left-hand menu, select External Login, then Enterprise Login
3) From the Enterprise Login screen, click the + Create Enterprise Login button from the top right hand corner.
4) From the Create Enterprise Login Provider screen click the SAML icon, as shown below:
Click to Enlarge
5) The Create SAML Login Provider screen will now be displayed, as shown below:
Click to Enlarge
The table below provides guidance on how to complete and use these fields on the General tab:
Field Name
Description
Name
Define a name for this Enterprise OIDC Login Provider. This name is used to refer to this provider throughout Fusion.
Login Button Text
This is the text that is displayed on the login button on the log-in screen. If no custom text is displayed here then the name will be used.
Description
Define a description to help other Fusion admins understand what this provider is used for.
Entity ID
The Entity ID is automatically generated by Fusion when you save the Application at the end of this process. This is the primary identifier used by your application to trust Fusion when it performs any services on its behalf (such as authentication). This is public.
URL
Set the URL to load SAML XML Metadata from. This URL must be publicly accessible via the desired IdP.
File
Upload a file to load SAML XML Metadata. This file is typically obtained from the desired IdP's admin interface.
Metadata Preview
Presents a high level preview of the SAML XML Metadata that was loaded. This is useful for double checking that the desired IdP's Metadata has been loaded properly.
Force Authentication
Instruct the desired IdP to force user interaction and not reuse authentication state from a previous authentications (sets ForceAuthn to true in the SAMLRequest).
NameID Format
Specify the Name Identifier Format that will be presented within the SAMLRequest. This is a hint to the IdP as to how the primary identifier will be formatted.
Protocol Binding
Determine if the SAML parameters are sent as a query string, or in the body of a POST. These settings typically must be agreed upon between the IdP and SP configuration settings.
Customer Data Handling
If you choose to synchronize and store any profile data at each login, then Fusion will retrieve and store this information which will be visible to the customer in the My Account page and to any Fusion Admin's when managing the customer identity.
6) Once completed, click the Save button. You will now be able to view the Claim Mappings tab, and edit and add any additional claims for this SAML2 integration.
7) Once you've made any changes to Claim Mappings, you're ready to copy the EntityID from your third-party application, and paste the respective values into the ClientID and Client Secret fields. Click Save.
Fusion will use the User (Read) attributes of the customers profile. If you choose to synchronize and store any account profile data at each login, then Fusion will retrieve and store this information which will be visible to the customer in the My Account page, and to and Fusion Admin's when managing the customer identity.
​
Previous
Setup an External OIDC Identity Provider
Next - Setup and Manage
Identity Stores
Last modified 6mo ago
Export as PDF
Copy link