Set up SAML Authentication Using FusionAuth
Single Sign-On (SSO) enables users to seamlessly sign in to applications and services without re-entering their credentials. Cyware applications integrate with FusionAuth to provide SSO through the Security Assertion Markup Language (SAML) protocol.
SAML is an XML-based protocol used for exchanging authentication and authorization data between applications. Within the Cyware application-FusionAuth SAML integration, the Cyware applications act as the Service Provider (SP), and FusionAuth acts as the Identity Provider (IdP). When you sign in to the applications using the SAML authentication method, the IdP (FusionAuth) authenticates you and sends a SAML assertion to the browser, which passes it to the SP (Cyware applications). The Cyware application accepts this assertion as proof that FusionAuth has authenticated the user and signs the user in.
Supported Cyware Applications
You can configure FusionAuth as a SAML 2.0 authentication method in the following Cyware applications:
Intel eXchange (CTIX) versions 3.4.2.1 and later
Before you Start:
You must have administrator-level access to FusionAuth.
You must have administrator-level edit permission to update the authentication configuration in the Cyware application.
Steps
To set up SAML SSO in a Cyware application using FusionAuth, perform the following steps:
Get Service Provider Details from the Cyware Application
To configure a Cyware application as a SAML 2.0 app in FusionAuth, you must provide the service provider details of the application, such as the Assertion Consumer URL and Entity ID.
To get the service provider details for Intel Exchange, see Configure SAML 2.0 as the Authentication Method.
Configure Cyware Application as SAML 2.0 App in FusionAuth
In FusionAuth, configure a Cyware application as a SAML 2.0 app and generate the SSO URL and certificate. These details are required to provide the identity provider details of FusionAuth in the SAML 2.0 authentication configuration of the application.
To configure an application as a SAML 2.0 app in FusionAuth, do the following:
Note
This procedure mentions only the fields and values that are required to configure a Cyware application as a SAML 2.0 app. Leave the fields that are not mentioned as they are. For more information, see Applications in FusionAuth.
Sign in to FusionAuth.
Go to Applications and click Add to add a Cyware application.
Enter a name to identify the application. For example, Intel eXchange (CTIX).
Go to the SAML tab and turn the Enabled toggle on.
Enter the following details:
Issuer: Enter the Entity ID of the Cyware application.
Authorized redirect URLs: Enter the Assertion Consumer URL of the Cyware application.
Logout URL: Enter one of the following URLs based on the Cyware application:
For Intel Exchange, enter https://<domain>/ctix/.
In the Authentication response section, in Signing key, select Auto Generate a new key on save to generate a new key for your Cyware application. You can also select an existing key to reuse the key for your Cyware application.
Click Save.
SAML 2.0 authentication is configured for your Cyware application in FusionAuth. You can view your Cyware application with a unique ID in the list of applications in FusionAuth.
Get Identity Provider Details from FusionAuth
After configuring your Cyware application in FusionAuth as a SAML 2.0 application, retrieve the integration details, such as the SSO URL and certificate, to configure FusionAuth as a SAML 2.0 authentication method in your Cyware application.
To get the SSO URL, do the following:
Sign in to FusionAuth and go to Applications.
Identify your Cyware application and click View under the Action column.
Go to the SAML v2 Integration details section and copy the Login URL value.
You can use the Login URL as the SSO URL in your Cyware application.
To get the certificate, do the following:
Go to Settings > Key Master.
Identify your Cyware application (SAML key generated for application <app name>) and click Download.
The keys are downloaded in a ZIP file that includes the certificate.crt file.
Configure FusionAuth as SAML 2.0 Authentication Method in Cyware Application
Use the identity provider details (login URL and certificate) to configure FusionAuth as a SAML 2.0 authentication method in a Cyware application.
To configure the SAML 2.0 authentication method in Intel Exchange, see Configure SAML 2.0 as the Authentication Method.
Add User in FusionAuth
Add users of the Cyware applications to FusionAuth and enable them to sign in using the FusionAuth credentials.
Before you Start
Ensure that the user to be added in FusionAuth already exists in the Cyware application.
Note
You can add a user in FusionAuth without adding the user to Intel Exchange. Intel Exchange supports just-in-time provisioning that automatically creates a user account when a user signs in using FusionAuth authentication.
Steps
To add a user in FusionAuth, do the following:
Note
The steps to create users in FusionAuth may vary. For more information, see Add a User in FusionAuth.
Sign in to FusionAuth.
Go to Users and click Add User on the upper right.
Enter the following details:
Enter the same email ID of the user as in the Cyware application. The user will be authenticated using this email ID.
Enter a unique username for the user.
Click Save.
The user is added and will receive an email invite to set up the sign-in password. The user must set up the password to sign in to FusionAuth and the configured SAML 2.0 applications.
Register FusionAuth User with Cyware Application
To enable users added to FusionAuth to sign in to Cyware applications using the SAML authentication method, do the following:
Sign in to FusionAuth and go to Users.
Select a user and click Manage under the Action column.
In the Registrations tab, click Add registration.
In Application, select a Cyware application to register. For example, Intel eXchange (CTIX).
Click Save.
The user is registered with the Cyware application and can sign in using the SAML authentication method.
Validate the SAML SSO Integration
To validate the SAML SSO integration, do the following:
Open the Cyware application in a web browser.
Click the SAML authentication method.
Enter the FusionAuth credentials to sign in.
You should be able to sign in to the application.
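If the sign-in fails, the values entered in the steps above are the first thing to compare against what FusionAuth actually sends. The following script is an added example, not part of the Cyware or FusionAuth documentation: it decodes a base64 SAMLResponse captured from the browser and compares it with the SP settings, assuming the Audience carries the Entity ID, Destination and Recipient carry the Assertion Consumer URL, and NameID carries the user's email ID. The URLs, the email address and the sample response are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_ID = "https://ctix.example.com/sp"      # constructed placeholder
ACS_URL = "https://ctix.example.com/saml/acs"  # constructed placeholder

def check_saml_response(b64_response, entity_id, acs_url, email):
    """List mismatches between a captured SAMLResponse and the SP settings.

    Troubleshooting aid only: the XML signature is NOT verified here; the SP
    does that with the certificate.crt downloaded from FusionAuth.
    """
    xml = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD or entity declarations do not belong in SAML")
    root = ET.fromstring(xml)
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:  # zero or several assertions is itself a finding
        return [f"expected exactly one Assertion, found {len(assertions)}"]
    a = assertions[0]

    def text(path):
        node = a.find(path, NS)
        return (node.text or "").strip() if node is not None else None

    scd = a.find("saml:Subject/saml:SubjectConfirmation/"
                 "saml:SubjectConfirmationData", NS)
    observed = {  # field -> (value in the response, value configured on the SP)
        "Destination": (root.get("Destination"), acs_url),
        "Recipient": (scd.get("Recipient") if scd is not None else None, acs_url),
        "Audience": (text("saml:Conditions/saml:AudienceRestriction/saml:Audience"),
                     entity_id),
        "NameID": (text("saml:Subject/saml:NameID"), email),
    }
    return [f"{k}: got {got!r}, expected {want!r}"
            for k, (got, want) in observed.items() if got != want]

def build_sample(audience, recipient, name_id):
    """Constructed, unsigned response for the demo (not real FusionAuth output)."""
    doc = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'Destination="{recipient}"><saml:Assertion><saml:Subject>'
           f'<saml:NameID>{name_id}</saml:NameID><saml:SubjectConfirmation>'
           f'<saml:SubjectConfirmationData Recipient="{recipient}"/>'
           f'</saml:SubjectConfirmation></saml:Subject><saml:Conditions>'
           f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
           f'</saml:AudienceRestriction></saml:Conditions></saml:Assertion>'
           f'</samlp:Response>')
    return base64.b64encode(doc.encode()).decode()
```

An empty list means the captured response matches the configured Entity ID, Assertion Consumer URL and email ID; each returned line names the field to correct in FusionAuth or in the Cyware application.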