The Fuel Cycle platform supports SAML 2.0 SSO and welcomes clients who want to enable this feature for their client users. The instructions assume that the metadata exchange is handled by your company's IT personnel.
SSO enables community members or moderators to log in to a Fuel Cycle community using their own company network or website login.
In order to set up SAML 2.0 SSO integration for a client community, the following requirements must be met:
- Your company takes the role of Identity Provider (IDP) and delegates the role of Service Provider (SP) to Fuel Cycle
- Your company has a SAML 2.0 SSO login system set up in the IDP role
How to Set Up
- Your company provides Fuel Cycle with IDP metadata
- Fuel Cycle provisions new SP metadata to the client
- Your company adds our provided SP metadata to their SAML 2.0 SSO system
- Fuel Cycle adds the client's IDP metadata to the client's community backend
Once this is completed, we ask the client to test and verify that login works as expected, since the client's IDP is the party that performs the authentication.
Every member login that is authenticated through SAML 2.0 SSO must include the member's email address, and it must be the same email address associated with their community registration.
See the bottom of this article for details and an example of how to include the email address attribute in the SAML response.
Sending the email address attribute in SAML response
The SAML Response must contain a saml:Attribute whose Name is exactly 'EmailAddress', with a saml:AttributeValue that exactly matches the email address of the member's account on the SP (Fuel Cycle) side. Fuel Cycle uses this email address to look up the corresponding user account on the SP side and complete the sign-on; if the attribute is missing, named differently, or its value does not match an existing account, the sign-on cannot complete.
Please reference the highlighted portion of the response below as an example.
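The following is an added example, not Fuel Cycle's own code, showing a SAML Response that carries the EmailAddress attribute as required above, together with the SP-side lookup that maps the asserted value to an account. The namespaces are the standard SAML 2.0 ones; the IDP issuer URL, the Response and Assertion IDs, the email addresses and the account table are constructed placeholders, and the response is unsigned for brevity. In a real deployment the Response signature is verified before any attribute is trusted; that step is outside the scope of this snippet.

```python
"""SP-side extraction of the EmailAddress attribute from a SAML 2.0 Response.

Added example, not Fuel Cycle's own code. The account directory is a
plain dict keyed by email address (an assumption made for illustration).
The signature check that must precede attribute use in production is
deliberately omitted here.
"""
from typing import Dict, Optional
import xml.etree.ElementTree as ET

# Standard SAML 2.0 namespaces.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# The attribute Name the article requires; the comparison is exact.
EMAIL_ATTRIBUTE_NAME = "EmailAddress"

# Constructed sample Response: placeholder issuer, IDs and email address.
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_response-placeholder" Version="2.0"
                IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com/saml</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion ID="_assertion-placeholder" Version="2.0"
                  IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.com/saml</saml:Issuer>
    <saml:Subject>
      <saml:NameID>jdoe</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="EmailAddress">
        <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="DisplayName">
        <saml:AttributeValue>Jane Doe</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""

# Failure case: the IDP sends the email under a different attribute Name.
# The article requires 'EmailAddress' exactly, so this must be rejected.
RESPONSE_WRONG_ATTRIBUTE_NAME = SAMPLE_RESPONSE.replace(
    'Name="EmailAddress"', 'Name="mail"'
)

# Constructed SP account directory keyed by registration email.
SP_ACCOUNTS: Dict[str, Dict] = {
    "jdoe@example.com": {"member_id": 1001, "role": "member"},
    "mod@example.com": {"member_id": 42, "role": "moderator"},
}


def extract_email_address(response_xml: str) -> Optional[str]:
    """Return the EmailAddress AttributeValue, or None if it is absent or empty.

    Only an Attribute whose Name is exactly EMAIL_ATTRIBUTE_NAME inside an
    AttributeStatement is accepted; surrounding whitespace in the value is
    stripped because it is XML text content, nothing else is normalised.
    """
    root = ET.fromstring(response_xml)
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") != EMAIL_ATTRIBUTE_NAME:
            continue
        value = attr.find("saml:AttributeValue", NS)
        text = (value.text or "").strip() if value is not None else ""
        return text or None
    return None


def resolve_sp_account(response_xml: str, sp_accounts: Dict[str, Dict]) -> Optional[Dict]:
    """Map the asserted email to an SP account; None means the sign-on cannot complete."""
    email = extract_email_address(response_xml)
    if email is None:
        return None
    # Exact-match lookup: the asserted value must equal the registration email.
    return sp_accounts.get(email)


if __name__ == "__main__":
    print("valid response ->", resolve_sp_account(SAMPLE_RESPONSE, SP_ACCOUNTS))
    print("wrong attribute name ->", resolve_sp_account(RESPONSE_WRONG_ATTRIBUTE_NAME, SP_ACCOUNTS))
```

Running the block shows the first response resolving to the member record and the second (attribute named "mail" instead of "EmailAddress") resolving to None, which is the behaviour the requirement above implies: the attribute Name and the value must both match exactly for the SP to find the account.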