There are some situations in which GrowthZone can act as identity provider for a SAML SSO configuration. The steps in this article can serve as guidelines for future setups, which will vary in the details and exact configuration.
One working example of this is GZ 4594 American College of Medical Toxicology.
We have configured a link in their InfoHub for member access to their Journal of Medical Toxicology.
STEP 1
Obtain SAML SSO documentation from the service provider. In the case above this was Springer Nature.
https://librarian.springernature.com/single-sign-on
STEP 2
In FusionAuth Prod create a new application using the naming convention:
[GrowthZone] - {Customer Name/Acronym}: {Vendor Name/Acronym}
For example, the application for American Journal of Medical Toxicology in FusionAuth is:
[GrowthZone] - ACMT: Springer Nature
The Tenant will be GrowthZone (or MemberSuite as needed).
In the Application > SAML tab you need to enter the Issuer/Entity ID provided by the vendor/3rd party, as well as at least one Authorized Redirect URL/Assertion Consumer Service (ACS).
Be sure to save the application after making entries/updates.
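A pre-check for the two values Step 2 asks for, as an added example (not GrowthZone, FusionAuth or Springer Nature code). It assumes the vendor supplies standard SAML 2.0 SP metadata XML; the function name is hypothetical and the sample metadata, entity ID and URLs are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample SP metadata; the entity ID and URLs are placeholders.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.vendor.example/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.vendor.example/saml/acs"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.vendor.example/saml/acs-legacy"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def sp_values_for_idp(metadata_xml):
    """Return (entity_id, accepted_acs_urls, rejected_acs_urls) from SP metadata."""
    # Metadata comes from outside the organisation: refuse DTDs so no entity expansion runs.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("metadata contains a DTD; refusing to parse")
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("expected a single EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID")
    accepted, rejected = [], []
    for acs in root.iterfind("md:SPSSODescriptor/md:AssertionConsumerService", NS):
        url = acs.get("Location", "")
        parts = urlsplit(url)
        # Assertions carry member identity data. This example's policy: accept only
        # exact HTTPS endpoints and report the rest for follow-up with the vendor.
        if parts.scheme == "https" and parts.hostname and "*" not in url:
            accepted.append(url)
        else:
            rejected.append(url)
    if not accepted:
        raise ValueError("no usable Assertion Consumer Service URL")
    return entity_id, accepted, rejected


if __name__ == "__main__":
    print(sp_values_for_idp(SAMPLE_SP_METADATA))
```

The first returned value is the Issuer/Entity ID and the second list holds the ACS URLs to enter as Authorized Redirect URLs; anything in the third list should be queried with the vendor before it is added.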
STEP 3
Depending on the vendor's SSO documentation or needs, at this step you may need to provide them with the metadata URL and Entity ID created in the FusionAuth application in Step 2 above. After receiving confirmation that the vendor/3rd party has loaded the metadata and info into their system, you can proceed with the next step.
STEP 4
Create an Identity Provider in FusionAuth. Platform Integrations does not have access to that area of FusionAuth, so Jason M. or someone else will need to assist with setting up an Identity Provider.
For the American College of Medical Toxicology example, the Identity Provider for ACMT was configured using a Client Id and Secret and OAuth endpoints for their association URL https://americancollegeofmedicaltoxicology.growthzoneapp.com/
A toggle switch was activated within the Identity Providers area to relate the IdP to the ACMT application in FusionAuth.
STEP 5
A generic template can be applied to the OAuth authentication page in FusionAuth > Templates. Template items such as additional login fields and other links can be hidden from view as needed using CSS in the template CSS area.
For example, see the American College of Medical Toxicology theme in FusionAuth titled ACMT.
Testing of the SAML SSO will necessitate a test user with credentials for logging into the InfoHub. It is recommended to test the links using Incognito/Private Browsing mode in a browser, or to first log out of GrowthZone, as GZ staff login session info will interfere with the authentication process.