« Server Configuration for IPv6 Support   |   SAML Authentication (fusion_place >= 14.0) »

What Is Single Sign-On

This manual is in pilot operation. Single Sign-On (SSO) is a mechanism for access control across multiple related yet independent software systems. By using Single Sign-On, the following becomes possible:

  1. Identity Management - Logging into multiple software systems with a single set of user credentials (a combination of User ID and password).

  2. Session Management - Logging into multiple software systems seamlessly with a single authentication.

The advantages of using Single Sign-On include reduced burden of remembering and entering authentication credentials and reduced IT costs through centralized user management. Furthermore, because users do not need to manage multiple credentials, the likelihood of using simple or reused passwords decreases, which is beneficial from a security standpoint.

fusion_place supports two Single Sign-On methods:

  1. SAML Authentication

  2. LDAP Authentication

SAML Authentication (fusion_place >= 14.0)

In fusion_place, SAML (Security Assertion Markup Language) authentication supports both Identity Management and Session Management. fusion_place operates as a SAML SP (Service Provider). Users authenticate through an IdP (Identity Provider), and upon successful authentication, can log in to fusion_place. Login sessions for fusion_place clients such as [Contributor], [Browser] and [Manager] are centrally managed by the web browser.

fusion_place has been confirmed to work with SAML authentication provided by the following IdPs:

  • Entra ID

  • CloudGate UNO

LDAP Authentication

In fusion_place, LDAP (Lightweight Directory Access Protocol) authentication supports Identity Management*[1] among the capabilities of Identity Management and Session Management. Authentication credentials provided by a directory server can be used to log in from fusion_place clients such as *[Contributor], [Browser] and [Manager] to the fusion_place server.

References

1. LDAP bind is used. For Active Directory, fusion_place can connect to it as an LDAPv3 server.