Configure Crestron Fusion

Crestron Fusion software can be configured to support SAML single sign-on after it has been configured within the Okta and Azure Active Directory services.

Configuration is accomplished by entering the administrator group name and other values from Azure Active Directory and Okta Directory into the Crestron Fusion Configuration Manager. Once Crestron Fusion is running, the user groups can be set to different levels of user access and authorization in the Crestron Fusion setup web client.

To configure Crestron Fusion for SAML single sign-on:

  1. Log in to the Microsoft® Windows® operating system server hosting the Crestron Fusion application.

  2. Open the Crestron Fusion Configuration Manager.

  3. Select Authentication from the left navigation menu.

Authentication via Azure Active Directory

  1. Enter the following information in the Crestron Fusion Configuration Manager:

    • Authentication Method: Select the SAML radio button.

    • Administrator Group Name: Enter the administrator group name created in the Azure Active Directory in the Administrator Group Name text field. This group should include all members that will have full administrator access to the Crestron Fusion application. For more information, refer to Create an Administrator Group in Configure Azure Active Directory.

    • Administrator Group Id: Enter the administrator group object id created in the Azure Active Directory.

    • SAML Metadata File: Enter the SAML XML Metadata from the previously downloaded Federation Metadata XMLcertificate.

      NOTES: 

      • Do not format the SAML XML Metadata in the Configuration Manager.
      • Crestron Fusion® software does not validate the SAML XML Metadata. Ensure it is correct when you paste the Metadata.

    Crestron Fusion Configuration Manager – Authentication using Azure Active Directory

    Crestron Fusion Configuration Manager – Authentication using Azure Active Directory

    To locate the administrator group name and group object id, navigate to Azure Active Directory > Groups in the Azure portal, and then copy the appropriate group name and Group object id.

    SAML Admin Group

Authentication via Okta

Enter the following information in the Crestron Fusion Configuration Manager:

  • Authentication Method: Select the SAML radio button.

  • Administrator Group Name: Enter the administrator group name created in the Okta Directory in the Administrator Group Name text field. This group should include all members that will have full administrator access to the Crestron Fusion application. For more information, refer to Configure Okta.

  • SAML Metadata File: Enter the SAML XML Metadata from the previously downloaded Federation Metadata XML certificate.

    NOTE: Do not format the SAML XML Metadata in the Configuration Manager.

Crestron Fusion Configuration Manager – Authentication using Okta

Crestron Fusion Configuration Manager – Authentication using Okta

To locate the administrator group name, navigate to Okta Directory > Groups in the Okta portal, and then copy the appropriate group name.