SSO with Fusion Auth

Firezone's universal OIDC connector has been tested to work successfully with Fusion Auth. Follow this guide to set up Fusion Auth for use with Firezone's OIDC connector.

Step 1: Create a new Application in Fusion Auth

1. Within your Fusion Auth instance, click on the Settings menu in the sidebar. Then select Key Master.
2. In the Generate drop down menu, select Generate RSA Key Pair.
3. Name the key appropriately, leave all other settings as their default.
4. Within your Fusion Auth instance, click on the Applications menu in the sidebar.
5. Click the green + button at the top of the screen.
6. Provide this application a unique name within your system (i.e. Firezone-1.0).
7. Under the OAuth tab enter the two urls provided by Firezone in the Authorized redirect URLs entry. Also add https://app.firezone.dev to the Authorized request origin URLs. You may enter any logout URL you wish. Optionally, enable PKCE for enhanced security.
8. Under the JWT tab, ensure that JWT is enabled. Also, for both entries under JSON web token settings, ensure your newly created RSA key is used.
9. Save your application. Then go back into your application in edit mode. Copy the client id / secret to enter into Firezone in the next step.

Step 2: Create identity provider in Firezone

1. In your Firezone admin dashboard, go to Settings -> Identity Providers -> Add -> OIDC.
2. Enter the client id and client secret saved from the previous step.
3. In the Discovery URL, enter https://<domain>/.well-known/openid-configuration replacing <domain> with the domain you use to host Fusion Auth.
4. Click Create.

Step 3: Test

You should now be able authenticate users to Firezone using the identity provider just created.