Purpose
FuseWorks offers single sign-on via OpenId integration with Practice Protect. This providers a seamless login experience to FuseDocs & FuseWorks, including the desktop app.
Practice Protect will configure this on your behalf with FuseWorks. Please send us an email at support@practiceprotect.com
Prerequisites for FuseWorks SSO
- Administrator Access in Practice Protect
- List of All Users in Fuse Works
- Username/Email for staff should match the login names in Practice Protect.
Instructions
1. Login to Practice Protect and switch to Admin portal.
2. Go to Roles > Add Role > Under Description, enter the name of the Role on the Name field i.e. “FuseWorks SSO Users” or skip if existing role exits.
3. Click on Members > Click Add > Add all FuseWork users and Click Save. All users must be added, otherwise they wont be able to access FuseWorks.
4. Click Save and Close the Role.
5. Now Go to Apps > Web Apps > Click on Add Web Apps > Go to Custom > Select OpenID Connect then click Add.
6. Click Yes to add.
7. Close out of the Add section.
8. Set the following fields:
Application ID: FuseWorks
Name: FuseWorks
Description: FuseWorks SSO
Click Save
9. Right Click on the below FuseWorks Icon and Save to your desktop.
______________
10. Click Browse next to the logo and select the downloaded image from step 9.
Confirm the Icon is showing and click Save.
11.Generate a Client Secret Password here.
Select, Numbers, Lowercase and Uppercase and set Length to 16. Then click Generate.
Copy the Password
12. Go to Trust, Paste the Generated Password in the Client Secret field.
13.Go down to Service Provider Configuration and set it to “https://app.fuse.work”
14. Under Authorized Redirect URIs click Add.
15. Add the following URL. Note: don’t include commas “https://fuseexternal.azurewebsites.net/api/Session/OIDCCallback”
Click Add.
16.Repeat till you add the following URLs listed below: “https://fusewebapi.azurewebsites.net/api/Session/OIDCCallback”
“https://api.fuse.work/internal/api/Session/OIDCCallback”
17. Confirm all three URLs are showing. Then, click Save.
18. Go to Tokens. Check the box for “issue refresh tokens”.
19. Scroll down to custom login and look for the following line. “var email = LoginUser.Email;”
Update this to “var email = LoginUser.Username;”
As below and click Save to apply changes.
If the Script is missing, you can use the below: (Copy and Paste)
setIssuer(Issuer);
setClaim('name', LoginUser.DisplayName);
setClaim('preferred_username', LoginUser.Username);
// Claims "email" & "email_verified" will only be set
// if "email" is specified in scope.
var email = LoginUser.Username;
setClaim('email', email);
if (email && email != 'unset')
setClaim('email_verified', true);
20. Go to Permissions and click Add.
21. Search for the role created in step 2, tick the Role and Add.
22. Click Save.
23. Go back to Trust. Note down the Client ID, Client Secret and Metadata URL.
24. Reach out to Fuse Works Support. Create a new email to support@fuse.work with the sample details below:
To: support@fuse.work
Subject: Practice Protect SSO Request
Body:
Hi FuseWorks Support,
We have configured FuseWorks for SSO in Practice Protect. Please see configuration details below:
Client ID: (from step 23)
Client Secret: (from step 23)
Metadata URL: (from step 23)
Regards,
Your Name
Note: If you have the option to manage Organization Security Settings available on your account, we can help configure and enable SSO without reaching out to Fuse Works.
25. Once FuseWorks Confirms. You may now test login.