Authentication

The Authentication page, found under Setup in the navigation menu, is available to System Administrators. This page allows you to choose the types of authentication methods available to your users, including traditional email/password logins, Google accounts, Microsoft accounts, and Okta. You can enable one or multiple options to provide flexible and secure access.

If you configure Google, Microsoft, or Okta, you are setting up Single Sign-On (SSO) using OpenID Connect, which allows users to authenticate with their existing credentials. This helps streamline the login experience and enhances security by integrating with your organization’s identity provider. For more details on configuring each method, see the sections below.

This page is only available to systems configured to use Fusion Identity for authentication. Fusion Identity enables authentication for Fusion Online and other products within the Fusion Suite, such as the Fusion Portal. It streamlines access by allowing users to maintain a single identity across multiple instances of Fusion Online, whether within the same company or across different organizations. For more details on the Fusion Identity login process, refer to Logging into Fusion Online.

Authentication

Before disabling email/password authentication, ensure that your SSO configuration (Google, Microsoft, or Okta) is fully set up and tested. Disabling email/password authentication without verifying the SSO setup could lock out all users, including administrators, from accessing the system.

Login with Email/Password

  • Enable this option to allow users to authenticate using an email and password. The password is unique to their Fusion Identity profile. The user can log in if the email address associated with their Fusion Identity account matches the email of an active user in the system.

  • Users can reset their password using the Forgot Password link on the login page.

  • For enhanced security, email/password authentication includes a two-factor authentication (2FA) step. When a user logs in from a new browser or computer, or if the existing login session cookie is missing or over 30 days old, a verification code will be sent to the user’s email. This cookie-based approach ensures that users are prompted for 2FA when using a new device, when clearing browser cookies, or after an extended period of inactivity.

Login with Google

  • Enable this option to allow users to authenticate using a Google account. This setup supports Single Sign-On (SSO) through Google, enabling users to sign in with their Google credentials.

  • The user can log in if the email address associated with their Google account matches the email of an active user in the system.

  • When first logging in with Google, users must verify their email address to confirm ownership.

  • Google Account Type:

    • Allow any Google account: Permits login with any personal Google account or any Google Workspace account, provided the email matches that of an active user in the system.

    • Configure with Google Workspace: Restricts login to Google accounts from your own Google Workspace. You must create an OpenID Connect application in your Google administrator console to set up this integration and enable SSO.

Login with Microsoft

  • Enable this option to allow users to authenticate using a Microsoft account. This setup supports Single Sign-On (SSO) through Microsoft, enabling users to sign in with their Microsoft credentials.

  • The user can log in if the email address associated with their Microsoft account matches the email of an active user in the system.

  • Users must verify their email address during their first login with Microsoft to confirm ownership.

  • Microsoft Account Type:

    • Allow any Microsoft account: Permits login with any Microsoft account, as long as the email matches an active user in the system.

    • Configure with Microsoft Entra ID: Restricts login to accounts from your own Microsoft Entra ID directory. You need to create an OpenID Connect application for your Microsoft Entra ID in Azure to set up this integration and enable SSO.

Login with Okta

  • Enable this option to allow users to authenticate using your organization’s Okta domain, providing Single Sign-On (SSO) through Okta.

  • You need to create an OpenID Connect application in your Okta administrator console to set up this integration and enable SSO.

  • Users can log in with their Okta account if the email address matches that of an active user in Fusion Online.

  • Users must verify their email address during their first login with Okta to confirm ownership.

See also

Last updated

Was this helpful?