« Server Configuration for IPv6 Support   |   SAML Authentication (fusion_place >= 14.0) »

What is Single Sign-On

This manual is in pilot operation.

Single Sign-On (SSO) is a feature related to access control for multiple related but independent software systems. Single Sign-On enables the following:

  1. Identity Management – Logging into multiple software systems with a single set of credentials (user ID and password) for each user.

  2. Session Management – Seamless login to multiple software systems with a single authentication.

The benefits of using Single Sign-On include reducing the effort of remembering and entering authentication information, and lowering IT costs through unified user management. In addition, since users do not need to manage many different credentials, SSO is expected to reduce the use and reuse of easily memorable but insecure passwords, thus providing security advantages.

fusion_place supports two types of Single Sign-On:

  1. SAML Authentication

  2. LDAP Authentication

SAML Authentication (fusion_place >= 14.0)

With SAML (Security Assertion Markup Language) Authentication in fusion_place, both identity management and session management are supported. fusion_place acts as a SAML SP (Service Provider), and users can log in to fusion_place by authenticating through an IdP (Identity Provider). The login sessions of fusion_place clients such as [Contributor], [Browser], and [Manager] are centrally managed by the web browser.

fusion_place has been confirmed to work with SAML authentication using the following IdP:

  • Entra ID

LDAP Authentication

With LDAP (Lightweight Directory Access Protocol) Authentication in fusion_place, identity management*[1] among identity and session management is supported. Using credentials provided by the directory server, users can log in to the fusion_place server from fusion_place clients such as *[Contributor], [Browser], and [Manager].

References

1. LDAP bind is used. For Active Directory, it can be connected to fusion_place as an LDAPv3 server.