This guide provides step-by-step instructions for configuring Single Sign-On (SSO) between ClassLink and your FMX application using SAML 2.0.

Important: This document covers SSO configuration only. ClassLink user provisioning and directory synchronization are managed separately within ClassLink.


Overview

  • Identity Provider (IdP): ClassLink
  • Service Provider (SP): FMX
  • Protocol: SAML 2.0

Once configured, users will be able to access FMX using their ClassLink credentials.


Prerequisites

Before you begin, ensure the following:

  • You have administrator access to ClassLink
  • SAML SSO is enabled for your FMX tenant
  • You know your FMX hostname (for example: https://hostname.gofmx.com)
  • Users who will access FMX already exist in FMX and ClassLink

FMX SAML Configuration Values

Use the following FMX values when configuring the ClassLink SAML application:

  • Audience / Entity ID:
    https://hostname.gofmx.com/
  • Assertion Consumer Service (ACS) / Reply URL:
    https://hostname.gofmx.com/login/saml2/callback
  • Recipient URL:
    https://hostname.gofmx.com/login/saml2/callback

Step 1: Create a SAML Application in ClassLink

  1. Log in to the ClassLink Management Console
  2. Navigate to Apps
  3. Click Add App
  4. Search for Custom SAML App (or equivalent)
  5. Select SAML 2.0 as the authentication type

Step 2: Configure SAML Settings in ClassLink

When configuring the SAML application, enter the FMX values listed above.

Required Settings

  • Entity ID / Audience:
    https://hostname.gofmx.com/
  • ACS / Reply URL:
    https://hostname.gofmx.com/login/saml2/callback
  • Recipient:
    https://hostname.gofmx.com/login/saml2/callback
  • SAML Response: Signed
  • Assertion: Signed (recommended)

NameID Configuration

  • NameID Format: Email Address
  • NameID Value: User Email

This ensures FMX can uniquely identify users by email address.


Step 3: Configure User Attributes (Claims)

FMX requires the user’s email address and recommends sending first and last name attributes.

Required Attribute

  • email → User Email

Recommended Attributes

  • firstName → User First Name
  • lastName → User Last Name

Attribute names may vary based on your ClassLink environment.


Step 4: Obtain the ClassLink IdP Metadata URL

After saving the SAML application, copy the IdP Metadata URL from ClassLink. This URL is all FMX needs to complete the SSO setup.


Step 5: Configure SSO in FMX

Provide the IdP Metadata URL to FMX (or FMX Support). Once this is configured, FMX will enable SAML SSO for your tenant.


Step 6: Assign Users in ClassLink

Ensure users are entitled to the FMX application in ClassLink. Only entitled users will be able to log in via SSO.


Step 7: Test the SSO Configuration

We recommend testing with a small group of users before full deployment.

Test Options

  • IdP-initiated login: Launch FMX from the ClassLink launchpad
  • SP-initiated login: Log in from the FMX login page using the SSO option

If login fails, verify:

  • Entity ID and ACS URL match exactly
  • Users are entitled to the application
  • The correct IdP Metadata URL is used

Troubleshooting Tips

  • Invalid Audience error: Confirm the Entity ID matches FMX exactly
  • User not found: Ensure the email in ClassLink matches the FMX user email
  • Signature validation errors: Verify the IdP Metadata URL is correct
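
The checks above can be run against a captured response before contacting support. The following is an added example, not FMX or ClassLink code: it compares a decoded SAML Response with the FMX values from this guide. The function name `check_response`, the sample XML, and the attribute name `email` are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_response(xml_text, host):
    """List mismatches between a decoded SAML Response and the FMX values for `host`."""
    entity_id = f"https://{host}/"                 # the trailing slash is part of the ID
    acs = f"https://{host}/login/saml2/callback"
    root = ET.fromstring(xml_text)
    problems = []
    def expect(label, actual, wanted):
        if actual != wanted:                       # exact, case-sensitive comparison
            problems.append(f"{label}: got {actual!r}, expected {wanted!r}")
    expect("Audience", root.findtext(".//a:Audience", namespaces=NS), entity_id)
    scd = root.find(".//a:SubjectConfirmationData", NS)
    expect("Recipient", None if scd is None else scd.get("Recipient"), acs)
    name_id = root.find(".//a:Subject/a:NameID", NS)
    expect("NameID Format", None if name_id is None else name_id.get("Format"), EMAIL_FORMAT)
    # Attribute name "email" follows this guide; your ClassLink tenant may use another.
    email = root.findtext(".//a:Attribute[@Name='email']/a:AttributeValue", namespaces=NS)
    if not email:
        problems.append("Attribute 'email' missing or empty")
    elif name_id is not None and (name_id.text or "").lower() != email.lower():
        problems.append("NameID value and 'email' attribute differ")
    # Presence only: signature validation is done by FMX against the IdP metadata.
    if root.find("ds:Signature", NS) is None:
        problems.append("Response is not signed")
    return problems

# Constructed sample (not real ClassLink output): Audience lacks the trailing slash.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:Signature/>
 <a:Assertion><a:Subject>
   <a:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">pat@example.org</a:NameID>
   <a:SubjectConfirmation><a:SubjectConfirmationData
     Recipient="https://hostname.gofmx.com/login/saml2/callback"/></a:SubjectConfirmation>
  </a:Subject>
  <a:Conditions><a:AudienceRestriction><a:Audience>https://hostname.gofmx.com</a:Audience>
  </a:AudienceRestriction></a:Conditions>
  <a:AttributeStatement><a:Attribute Name="email">
    <a:AttributeValue>pat@example.org</a:AttributeValue></a:Attribute></a:AttributeStatement>
 </a:Assertion></p:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE, "hostname.gofmx.com") or "all checks passed")
```

To use it on a real login, base64-decode the `SAMLResponse` form field from a test sign-in and pass the resulting XML as `xml_text`.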

Need Help?

If you need assistance completing your ClassLink SSO setup, contact FMX Support and include:

  • Your FMX tenant URL
  • ClassLink IdP Metadata URL
  • Any error messages or screenshots

Once complete, users will be able to securely access FMX using ClassLink Single Sign-On.
