« Precautions for Use (fusion_place >= 14.0)   |   Configuration for Using SAML Authentication (fusion_place Side) (fusion_place >= 14.0) »

Configuration for Using SAML Authentication (IdP Side) (fusion_place >= 14.0)

This manual is in pilot operation.

To use the SAML authentication feature of fusion_place, configuration on the IdP side is required. This section explains the IdP-side configuration.

Configuration methods and items vary depending on the IdP. For details, refer to the manual of each IdP. In this section, the configuration method for the representative IdP, "Entra ID," is described as an example.

Configuration Method 1: Configure Required Items

Log in to the Entra ID administration screen and perform the following configuration. For information on logging in to the administration screen and obtaining permissions, refer to the Entra ID manual.

  1. Create an Entra ID application
    From [New application] → [Create your own application], add a new application.

  2. Add users who log in to fusion_place
    From [Users] → [Add user], add users or groups who will log in to fusion_place.

  3. Configure required items
    Select [Single sign-on] and configure the following items.

    Configuration Location Description Value

    1. Basic SAML Configuration - Identifier (Entity ID)

    Identifier to identify the SP

    https://(host):(port)/fusionplace

    1. Basic SAML Configuration - Reply URL (Assertion Consumer Service URL)

    Reply URL for single sign-on

    https://(host):(port)/fusionplace/sso-acs

    2. Attributes & Claims - Unique User Identifier

    Microsoft account attribute linked to the fusion_place user account

    user.userprincipalname
    Mapping between fusion_place and IdP user IDs is specified in "Attributes & Claims - Unique User Identifier." The mapped ID must be set in the fusion_place user account.

  4. Download the certificate
    From [Single sign-on] → 3 SAML Certificates, download the Token signing certificate (Certificate (Base64)).

Configuration Method 2: When Using Single Logout (Optional)

If using single logout, perform the following configuration.

Configuration Location Description Value

1. Basic SAML Configuration - Logout URL

Logout URL for single sign-on

https://(host):(port)/fusionplace/sso-sls
Customers using fusion_place cloud cannot use the options in Configuration Method 3 and Configuration Method 4.

Configuration Method 3: When Signing Data Sent from fusion_place (SP) to the IdP (Optional)

If signing data sent from fusion_place (SP) to the IdP, perform the following configuration.

To use this option, prepare a certificate. (Use a certificate issued by a third party.)

Configuration Location Description Value

3. SAML Certificates - Verification Certificates - Require verification certificates

Set whether a certificate is required

Yes

3. SAML Certificates - Verification Certificates - Upload certificate

Upload a certificate

Select and upload a certificate file (extension: cer)

Configuration Method 4: When Encrypting Data (Assertions) Exchanged Between fusion_place (SP) and the IdP (Optional)

Configuration Location Description Value

Select [Token encryption] > Import certificate

Upload the certificate created for signing.

Upload the certificate created for signing.