Configuration for Using SAML Authentication (IdP Side) (fusion_place >= 14.0)

This manual is in pilot operation.

To use the SAML authentication feature in fusion_place, you need to configure your IdP. The following describes the required configuration on the IdP side.

The configuration method and items differ depending on the IdP, so please refer to the manual for your IdP for details. This article explains the settings using "Entra ID," a representative IdP, as an example.

Configuration Method 1: Setting Required Items

Log in to the Entra ID management console and perform the following configuration. For information on logging in to the management console or obtaining permissions, please refer to the Entra ID manual.

  1. Create an application in Entra ID
    Add a new application via [New application] → [Create your own application].

  2. Add users for logging into fusion_place
    Add users or groups who will log in to fusion_place via [Users] → [Add user].

  3. Download the certificate
    In [Single sign-on] → 3 SAML Certificates, download the token signing certificate in Base64 format.

  4. Set required items
    Select [Single sign-on] and configure the following:

| Setting Location | Description | Setting Value |
|---|---|---|
| 1. Basic SAML Configuration - Identifier (Entity ID) | Identifier for SP | |
| 1. Basic SAML Configuration - Reply URL (Assertion Consumer Service URL) | Response URL for single sign-on | |
| 2. Attributes and Claims - Unique User Identifier | Microsoft account attribute linked to the fusion_place user account | user.userprincipalname |

The link between a fusion_place user ID and an IdP user ID is defined by "Attributes and Claims - Unique User Identifier." The linked ID (here, the value of user.userprincipalname) must be set as the user account in fusion_place.
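
The following added example (not part of the fusion_place manual or product code) shows where the three values set in Configuration Method 1 appear in a SAML assertion and checks a captured assertion against what the SP expects. The function name, the sample assertion, and all URLs and account names are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample assertion; every URL and account is a placeholder.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.test/</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.test</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://sp.example.test/acs"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.test/entity</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
"""

def check_assertion(xml_text, entity_id, acs_url, known_accounts):
    """List mismatches between an assertion and the values the SP expects.

    Configuration check only: it does not verify the XML signature, so it must
    never be used to decide whether a login is accepted.
    """
    root = ET.fromstring(xml_text)  # parse only assertions you captured yourself
    problems = []
    # Identifier (Entity ID) is carried in <Audience>.
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} does not contain {entity_id}")
    # Reply URL (ACS URL) is carried in SubjectConfirmationData/@Recipient.
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"Recipient {recipients} does not contain {acs_url}")
    # Unique User Identifier (user.userprincipalname) is carried in <NameID>.
    name_id = (root.findtext("saml:Subject/saml:NameID", "", NS) or "").strip()
    if name_id not in known_accounts:  # exact comparison is an assumption here
        problems.append(f"NameID {name_id!r} is not a known user account")
    return problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION, "https://sp.example.test/entity",
                          "https://sp.example.test/acs", {"alice@example.test"}))
```

An empty list means the Identifier, Reply URL, and Unique User Identifier in the assertion match the values passed in; each mismatch is reported as one message.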

Configuration Method 2: When Using Single Logout (Optional)

If you want to use Single Logout, configure the following settings.

| Setting Location | Description | Setting Value |
|---|---|---|
| 1. Basic SAML Configuration - Logout URL | Logout URL for single sign-on | |

Customers subscribed to fusion_place cloud cannot use the options described in Configuration Method 3 and Configuration Method 4.

Configuration Method 3: When Signing Data Sent from fusion_place (SP) to the IdP (Optional)

If you want to sign data sent from fusion_place (SP) to the IdP, configure the following.

If you use this option, please prepare a certificate (use a certificate issued by a third party).

| Setting Location | Description | Setting Value |
|---|---|---|
| 3. SAML Certificates - Verification Certificate - Require Verification Certificate | Set whether a certificate is required | Yes |
| 3. SAML Certificates - Verification Certificate - Upload Certificate | Upload the certificate | Select and upload the certificate file (with .cer extension) |

Configuration Method 4: When Encrypting Data (Assertion) Exchanged Between fusion_place (SP) and IdP (Optional)

| Setting Location | Description | Setting Value |
|---|---|---|
| Select [Token Encryption] > Import Certificate | Upload the certificate created for signing. | Upload the certificate created for signing. |