This guide provides step-by-step instructions for configuring Single Sign-On (SSO) between RapidIdentity and your FMX application using SAML 2.0.

Important: This document covers SSO configuration only. User provisioning and deeper RapidIdentity integrations are managed separately within RapidIdentity.


Overview

  • Identity Provider (IdP): RapidIdentity
  • Service Provider (SP): FMX
  • Protocol: SAML 2.0

Once configured, users will be able to log in to FMX using their RapidIdentity credentials.


Prerequisites

Before you begin, ensure the following:

  • You have administrator access to RapidIdentity
  • SAML SSO is enabled for your FMX tenant
  • You know your FMX hostname (for example: https://hostname.gofmx.com)
  • Users who will access FMX already exist in FMX and RapidIdentity

FMX SAML Configuration Values

You will use the following FMX values when configuring RapidIdentity:

  • Audience / Entity ID

    https://hostname.gofmx.com/
  • Assertion Consumer Service (ACS) / Reply URL

    https://hostname.gofmx.com/login/saml2/callback
  • Recipient

    https://hostname.gofmx.com/login/saml2/callback

Step 1: Create a SAML Application in RapidIdentity

  1. Log in to the RapidIdentity Admin Portal
  2. Navigate to Applications or SAML Applications (menu names may vary)
  3. Select Create New Application or Add Application
  4. Choose SAML 2.0 as the application type

Step 2: Configure SAML Settings in RapidIdentity

When configuring the SAML application, enter the FMX values listed above.

Required Settings

  • Entity ID / Audience:
    https://hostname.gofmx.com/
  • ACS / Reply URL:
    https://hostname.gofmx.com/login/saml2/callback
  • Recipient URL:
    https://hostname.gofmx.com/login/saml2/callback
  • SAML Response: Signed
  • Assertion: Signed (recommended)

NameID Configuration

  • NameID Format: Email Address
  • NameID Source: User Email

This ensures FMX can uniquely identify users by email address.


Step 3: Configure User Attributes (Claims)

FMX requires the user’s email address and recommends sending first and last name attributes.

Required Attribute

  • email → User Email

Recommended Attributes

  • firstName → User First Name
  • lastName → User Last Name

Attribute naming may vary depending on your RapidIdentity configuration.


Step 4: Obtain RapidIdentity IdP Metadata

After saving the SAML application, collect the following RapidIdentity values:

  • Identity Provider SSO URL
  • Issuer / IdP Entity ID
  • X.509 Signing Certificate

You will provide these values to FMX to complete the setup.


Step 5: Configure SSO in FMX

Provide the following RapidIdentity details to FMX (or to FMX Support):

  • Identity Provider SSO URL
  • IdP Issuer / Entity ID
  • X.509 Signing Certificate

Once these values are configured, FMX will enable SAML SSO for your tenant.


Step 6: Assign Users in RapidIdentity

Ensure users are assigned to the FMX SAML application in RapidIdentity. Only assigned users will be able to authenticate via SSO.


Step 7: Test the SSO Configuration

We recommend testing with a small set of users before full rollout.

Test Options

  • IdP-initiated login: Launch FMX from the RapidIdentity application portal
  • SP-initiated login: Log in from the FMX login page using the SSO option

If login fails, verify:

  • Entity ID and ACS URL match exactly
  • Users are assigned to the application
  • The correct signing certificate is configured

Troubleshooting Tips

  • Invalid Audience error: Verify the Entity ID matches FMX exactly
  • User not found: Confirm the email in RapidIdentity matches the user email in FMX
  • Signature errors: Ensure assertions are signed and the correct certificate is used
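
The checks above can be run against a captured SAML response before contacting support. The script below is an added example, not FMX or RapidIdentity code; it assumes the response has already been base64-decoded to XML, that the email attribute is named email (attribute naming may vary), and it uses a constructed sample response.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_saml_response(xml_text, fmx_host, email_attr="email"):
    """Structural checks only; signatures are NOT cryptographically verified."""
    base = fmx_host.rstrip("/")
    entity_id, acs = base + "/", base + "/login/saml2/callback"
    resp, problems = ET.fromstring(xml_text.strip()), []
    if resp.find("ds:Signature", NS) is None:
        problems.append("Response is not signed")
    assertion = resp.find("a:Assertion", NS)
    if assertion is None:
        return problems + ["no cleartext Assertion element found"]
    if assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion is not signed (recommended)")
    audiences = [e.text for e in assertion.iterfind(".//a:Audience", NS)]
    if entity_id not in audiences:  # exact match, trailing slash included
        problems.append(f"Audience {audiences} does not contain {entity_id}")
    scd = assertion.find(".//a:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    if recipient != acs:
        problems.append(f"Recipient {recipient} != {acs}")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not emailAddress")
    names = {a.get("Name") for a in assertion.iterfind(".//a:Attribute", NS)}
    if email_attr not in names:  # attribute name is an assumption; may vary
        problems.append(f"attribute {email_attr!r} missing")
    return problems

# Constructed sample (empty Signature placeholder, no real user data).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:Signature/><saml:Assertion><saml:Subject>
  <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID>
  <saml:SubjectConfirmation><saml:SubjectConfirmationData
    Recipient="https://hostname.gofmx.com/login/saml2/callback"/></saml:SubjectConfirmation>
 </saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://hostname.gofmx.com</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="email"/></saml:AttributeStatement>
</saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    print("\n".join(check_saml_response(SAMPLE, "https://hostname.gofmx.com")))
```

A real response contains user identifiers, so run this locally and redact the output before attaching it to a support request.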

Need Help?

If you need assistance completing your RapidIdentity SSO setup, contact FMX Support and include:

  • Your FMX tenant URL
  • RapidIdentity IdP metadata (SSO URL, Issuer, Certificate)
  • Any error messages or screenshots
