SSO with Fusion Auth

Starter, Team, Enterprise

Firezone's universal OIDC connector has been tested to work successfully with Fusion Auth. Follow this guide to set up Fusion Auth for use with Firezone's OIDC connector.

Step 1: Create a new Application in Fusion Auth

  1. Within your Fusion Auth instance, click on the Settings menu in the sidebar. Then select Key Master.
  2. In the Generate dropdown menu, select Generate RSA Key Pair.
  3. Name the key appropriately and leave all other settings at their defaults.
  4. Within your Fusion Auth instance, click on the Applications menu in the sidebar.
  5. Click the green + button at the top of the screen.
  6. Give this application a name that is unique within your system (e.g. Firezone-1.0).
  7. Under the OAuth tab, enter the two URLs provided by Firezone in the Authorized redirect URLs entry. Also add https://app.firezone.dev to the Authorized request origin URLs. You may enter any logout URL you wish. Optionally, enable PKCE for enhanced security.
  8. Under the JWT tab, ensure that JWT is enabled. Also, for both entries under JSON web token settings, ensure your newly created RSA key is used.
  9. Save your application. Then go back into your application in edit mode. Copy the client ID and client secret to enter into Firezone in the next step.

Step 2: Create identity provider in Firezone

  1. In your Firezone admin dashboard, go to Settings -> Identity Providers -> Add -> OIDC.
  2. Enter the client ID and client secret saved from the previous step.
  3. In the Discovery URL, enter https://<domain>/.well-known/openid-configuration replacing <domain> with the domain you use to host Fusion Auth.
  4. Click Create.

Step 3: Test

You should now be able to authenticate users to Firezone using the identity provider just created.

Firezone does not automatically provision users or groups for identity providers using the universal OIDC connector. You must create Actors and associated Identities before the user will be able to sign in.
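
If sign-in fails at the test step, one thing worth checking is whether the ID token is really signed with the RSA key selected under the JWT tab in Step 1. The following is an added example, not code from Firezone or Fusion Auth: it reads a token's header and compares it with a JWKS document, assuming the client verifies ID tokens against the keys published at the jwks_uri named in the discovery document. The token, key IDs and JWKS below are constructed sample data.

```python
import base64
import json

RSA_ALGS = {"RS256", "RS384", "RS512"}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwt_header(token: str) -> dict:
    """Decode the header of a compact JWT without verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    padded = parts[0] + "=" * (-len(parts[0]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def check_signing_key(id_token: str, jwks: dict) -> list:
    """Return the reasons an OIDC client could not verify this token via JWKS."""
    header = jwt_header(id_token)
    alg, kid = header.get("alg"), header.get("kid")
    problems = []
    if alg not in RSA_ALGS:
        problems.append(f"alg {alg!r} is not an RSA signature algorithm")
    key = next((k for k in jwks.get("keys", []) if k.get("kid") == kid), None)
    if key is None:
        problems.append(f"kid {kid!r} is not published in the JWKS")
    elif key.get("kty") != "RSA":
        problems.append(f"JWKS key {kid!r} has kty {key.get('kty')!r}, not RSA")
    return problems

def sample_token(alg: str, kid: str) -> str:
    """Constructed token: real header, dummy payload and signature."""
    header = _b64url(json.dumps({"alg": alg, "typ": "JWT", "kid": kid}).encode())
    return f"{header}.{_b64url(b'{}')}.{_b64url(b'not-a-signature')}"

# Constructed JWKS, shaped like the document served at the discovery
# document's jwks_uri; the kid values are made up for this example.
SAMPLE_JWKS = {"keys": [{"kty": "RSA", "kid": "firezone-rsa", "use": "sig",
                         "alg": "RS256", "n": "placeholder", "e": "AQAB"}]}

if __name__ == "__main__":
    for alg, kid in [("RS256", "firezone-rsa"), ("HS256", "default-hmac")]:
        print(alg, kid, check_signing_key(sample_token(alg, kid), SAMPLE_JWKS) or "ok")
```

The check only inspects the header; it does not validate the signature, so use it for diagnosis and not as a substitute for token verification.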

