1. Home
  2. Applications
  3. FuseWorks
  4. Enable SSO for FuseWorks (OpenId)

Enable SSO for FuseWorks (OpenId)

Purpose

FuseWorks offers single sign-on via OpenId integration with Practice Protect. This providers a seamless login experience to FuseDocs & FuseWorks, including the desktop app.

Practice Protect will configure this on your behalf with FuseWorks. Please send us an email at support@practiceprotect.com

Prerequisites for FuseWorks SSO

  • Administrator Access in Practice Protect
  • List of All Users in FuseWorks

Instructions

1. Login to Practice Protect and switch to Admin portal.

2. Go to Roles > Add Role > Under Description, enter the name of the Role on the Name field i.e. “FuseWorks Users” or skip if existing role exits.

3. Click on Members > Click Add > Add all FuseWork users and Click Save. All users must be added, otherwise they wont be able to access FuseWorks.

4. Click Save and Close the Role.

5. Now Go to Apps > Web Apps > Click on Add Web Apps > Go to Custom > Select OpenID Connect then click Add.

6. Click Yes to add.

7. Close out of the Add section.

8. Set the following fields:

Application ID: FuseWorks

Name: FuseWorks

Description: FuseWorks SSO

Click Save

9. Right Click on the below FuseWorks Icon and Save to your desktop.

______________

10. Click Browse next to the logo and select the downloaded image from step 9.

Confirm the Icon is showing and click Save.

11.Generate a Client Secret Password here.

Select, Numbers, Lowercase and Uppercase and set Length to 16. Then click Generate.

Copy the Password

12. Go to Trust, Paste the Generated Password in the Client Secret field.

13.Go down to Service Provider Configuration and set it to “https://app.fuse.work”

14. Under Authorized Redirect URIs click Add.

15. Add the following URL “https://fuseexternal.azurewebsites.net/api/Session/OIDCCallback”

Click Add

16.Repeat and Add the following URL “https://fusewebapi.azurewebsites.net/api/Session/OIDCCallback”

Click Add

17. Confirm both URLs are showing. Then click Save

18. Go to Tokens. Ticket “issue refresh tokens”. Leave all other settings.

19. Scroll down to custom login and look for the following line. “var email = LoginUser.Email;”

Update this to “var email = LoginUser.Username;”

As below and click Save

If the Script is missing you can use the below: (Copy and Paste)

setIssuer(Issuer);
setClaim(‘name’, LoginUser.DisplayName);
setClaim(‘preferred_username’, LoginUser.Username);

// Claims “email” & “email_verified” will only be set
// if “email” is specified in scope.
var email = LoginUser.Username;
setClaim(’email’, email);

if (email && email != ‘unset’)
setClaim(’email_verified’, true);

20. Go to Permissions  and click Add.

21. Search for the role created in step 2, tick the Role and Add.

22. Click Save.

23. Go back to Trust. Note down the Client ID, Client Secret and Metadata URL.

24. Open your email client and create a new email to: support@fuse.work with the details below:

To: support@fuse.work
Subject: Practice Protect SSO Request
Body:

Hi FuseWorks Support,

We have configured FuseWorks for SSO in Practice Protect. Please see configureation details below:

Client ID:  (from step 23)
Client Secret: (from step 23)
Metadata URL: (from step 23)

Regards,

Your Name

25. Once FuseWorks Confirms. You may now test login.

Updated on July 8, 2021