Precautions for Use

This manual is in pilot operation.

Please note the following points when using LDAP authentication.

User Account Registration

User accounts for those who use fusion_place must be registered with both your integrated authentication platform (LDAP server) and fusion_place. This is because only authentication is delegated to the LDAP server, while authorization management is performed in fusion_place.

Character Types and Length of User Account Names

The types and lengths of characters that can be used in user account names must comply with the fusion_place Terms.

Transmission of Passwords from Client PC to fusion_place Server

When LDAP authentication is used, passwords are sent in plain text from the client PC to the fusion_place server (Basic authentication). Normally, Digest authentication is used, in which only the hash value of the password is sent, but when using Single Sign-On, the password itself must be sent to the LDAP server.

If this is not desirable, all communication between the client PC and the fusion_place server can be encrypted using SSL/TLS (see "System Administration Guide > Network Security").
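The difference between the two schemes, shown as an added example (not fusion_place code): the Basic header carries the password in a reversible Base64 encoding, while the Digest response is a hash from which the server cannot recover a password to forward to the LDAP server. The function names and the sample account are constructed for illustration; the Digest computation assumes RFC 2617 with MD5 and qop=auth.

```python
import base64
import hashlib


def _md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_authorization(user: str, password: str) -> str:
    """Authorization header value for Basic authentication (RFC 7617)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def credentials_visible_in_basic(header: str) -> tuple[str, str]:
    """What any party able to read the request sees: Base64 is not encryption."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    # The user-id cannot contain ':', the password may, so split on the first one.
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("malformed Basic credentials")
    return user, password


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """Digest 'response' value (RFC 2617, MD5, qop=auth).

    Only this hash crosses the network. The server checks it against its own
    stored HA1, so it never holds a password it could pass on in an LDAP bind.
    """
    ha1 = _md5_hex(f"{user}:{realm}:{password}")
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


if __name__ == "__main__":
    # Constructed sample account, not a real fusion_place user.
    header = basic_authorization("taro", "Corr3ct:Horse")
    print("Basic header :", header)
    print("Recoverable  :", credentials_visible_in_basic(header))
    print("Digest sends :", digest_response(
        "taro", "example-realm", "Corr3ct:Horse", "GET", "/",
        "constructed-nonce", "00000001", "constructed-cnonce"))
```
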

Communication Between fusion_place Server and LDAP Server

The fusion_place server sends the user's distinguished name (DN), which includes the user account name, and the password to the LDAP server, and receives the authentication result. There are several methods to encrypt this communication. For details, see the "Security Settings" page.

Multiple User Name Formats

Only a single user distinguished name format can be set for the fusion_place server. If different user name formats are required for each user (e.g., because the organizational unit (OU) differs), this must be handled on the LDAP server side.