Configuration for Using SAML Authentication (IdP Side) (fusion_place >= 14.0)
This manual is in pilot operation.
To use the SAML authentication feature in fusion_place, you need to configure your IdP. The following describes the required configuration on the IdP side.
The configuration method and items differ depending on the IdP, so please refer to the manual for your IdP for details. This article explains the settings using "Entra ID," a representative IdP, as an example.
Configuration Method 1: Setting Required Items
Log in to the Entra ID management console and perform the following configuration. For information on logging in to the management console or obtaining permissions, please refer to the Entra ID manual.
- Create an application in Entra ID
  Add a new application via [New application] → [Create your own application].
- Add users for logging into fusion_place
  Add users or groups who will log in to fusion_place via [Users] → [Add user].
- Download the certificate
  Download the certificate (Base64) for the token signing certificate in [Single sign-on] → 3 SAML Certificates.
- Set required items
  Select [Single sign-on] and configure the following:
Setting Location | Description | Setting Value |
---|---|---|
1. Basic SAML Configuration - Identifier (Entity ID) | Identifier for SP | |
1. Basic SAML Configuration - Reply URL (Assertion Consumer Service URL) | Response URL for single sign-on | |
2. Attributes and Claims - Unique User Identifier | Microsoft account attribute linked to the fusion_place user account | user.userprincipalname |
The link between the fusion_place user ID and the IdP user ID is specified in "Attributes and Claims - Unique User Identifier." The linked ID must be set as the user account in fusion_place.
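The three settings above surface in the SAML response as the Audience (Entity ID), the Destination/Recipient (Reply URL) and the NameID (Unique User Identifier). The following is an added example, not part of the fusion_place manual, that compares a captured response against those settings; the URLs and account names are placeholder assumptions, and the exact-match comparison of NameID to the account name is also an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Placeholder values (assumptions): use the Entity ID and Reply URL entered
# under "1. Basic SAML Configuration" for your own installation.
ENTITY_ID = "https://sp.example.invalid/saml/metadata"
ACS_URL = "https://sp.example.invalid/saml/acs"

# Constructed sample response, trimmed to the elements checked below.
SAMPLE_RESPONSE = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://sp.example.invalid/saml/acs">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID>alice@example.invalid</saml:NameID>
      <saml:SubjectConfirmation>
        <saml:SubjectConfirmationData Recipient="https://sp.example.invalid/saml/acs"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.invalid/saml/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, entity_id, acs_url, sp_accounts):
    """Return a list of mismatches between a SAML response and the SP settings."""
    # Configuration check on a captured response only: no signature verification.
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.findall(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} does not contain Entity ID {entity_id}")
    recipients = {e.get("Recipient") for e in root.findall(".//saml:SubjectConfirmationData", NS)}
    if root.get("Destination") != acs_url or recipients != {acs_url}:
        problems.append("Destination/Recipient does not match the Reply URL")
    name_id = root.findtext(".//saml:Assertion/saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if name_id not in sp_accounts:  # exact match is an assumption
        problems.append(f"NameID {name_id!r} has no matching fusion_place user account")
    return problems
```

An empty list means the Entity ID, Reply URL and user identifier in the response all line up with the values configured on both sides.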
Configuration Method 2: When Using Single Logout (Optional)
If you want to use Single Logout, configure the following settings.
Setting Location | Description | Setting Value |
---|---|---|
1. Basic SAML Configuration - Logout URL | Logout URL for single sign-on | |
Customers subscribed to fusion_place cloud cannot use the options described in Configuration Method 3 and Configuration Method 4.
Configuration Method 3: When Signing Data Sent from fusion_place (SP) to the IdP (Optional)
If you want to sign data sent from fusion_place (SP) to the IdP, configure the following.
If you use this option, please prepare a certificate (use a certificate issued by a third party).
Setting Location | Description | Setting Value |
---|---|---|
3. SAML Certificates - Verification Certificate - Require Verification Certificate | Set whether a certificate is required | Yes |
3. SAML Certificates - Verification Certificate - Upload Certificate | Upload the certificate | Select and upload the certificate file (with .cer extension) |