FusionAuth

Configuring a Custom Domain for SAML Audience URLs in FusionAuth

Frequently Asked Questions (FAQ)
  • W
    wesley
    last edited by 30 Jan 2025, 21:42

    I’m working on enabling SAML login for our app using FusionAuth. While I’ve successfully set up SAML login with our company, I have a concern about the SAML audience URL.

    Currently, the audience URL provided is in the format: https://company.fusionauth.io/samlv2/sp/<id>.

    This isn’t ideal because, while we’re using FusionAuth Cloud now, we may transition to a self-hosted FusionAuth instance or a different authentication system in the future. To avoid dependencies on the FusionAuth Cloud domain, I’d like the SAML audience URL to use a domain we control, e.g., https://auth.company.com/samlv2/sp/<id>.

    Specific Questions:

    1. Is it possible to configure FusionAuth to use a custom domain for the SAML audience URL?
    2. Does the "Issuer" setting on the tenant configuration affect SAML URLs, or is it only for JWTs?
    3. I noticed the "Custom URL" option at login.fusionauth.io, but it appears to only provide aliases for company.fusionauth.io and doesn’t affect SAML audience URLs. Am I correct in this understanding?

    Additional Information:

    • We are using FusionAuth version 1.45.1 but are open to upgrading if needed.
    • Users interact only with our backend, which communicates with FusionAuth; they do not interact directly with FusionAuth.

    Thanks in advance!

    • W
      wesley @wesley
      last edited by 30 Jan 2025, 21:47

      Yes, it is possible to configure a custom domain for your SAML audience URL using FusionAuth's Custom Domain feature. This setup allows you to map your desired domain, e.g., https://auth.company.com, to your FusionAuth instance, enabling the SAML audience URL to use your custom domain.

      Steps to Achieve This:

      1. Set Up a Custom Domain:
        • Configure a custom domain in FusionAuth (available for production deployments).
        • Once the custom domain is set up, the SAML audience URL will change to reflect your domain, e.g., https://auth.company.com/samlv2/sp/<id>.
      2. Update DNS Records:
        • Point the custom domain (auth.company.com) to FusionAuth Cloud using the provided instructions during setup.
      3. Verify SAML Configuration:
        • Ensure the custom domain is reflected in the audience URL and SAML metadata. Update your SAML federation partners with the new audience URL.

      Additional Notes:

      • Issuer Setting: The "Issuer" setting on the tenant configuration only affects JWTs and is unrelated to SAML audience URLs.
      • Custom URL Limitation: You’re correct that the login.fusionauth.io option allows for aliases to the default company.fusionauth.io domain but does not impact SAML audience URLs. Setting up a full custom domain resolves this limitation.
      • W wesley has marked this topic as solved on 30 Jan 2025, 21:47
      • M mark.robustelli moved this topic from Q&A on 27 Mar 2025, 22:38
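
The "Verify SAML Configuration" step in the answer above can be scripted. The following is an added example, not part of the original posts and not FusionAuth code: it checks that the entityID (assumed here to equal the audience URL) and every endpoint URL in a service provider metadata document use the expected custom domain over HTTPS. The sample metadata is constructed for illustration, `SP-ID` stands in for the `<id>` placeholder, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample (not real FusionAuth output): the entityID already uses the
# custom domain, but one endpoint still points at the FusionAuth Cloud hostname.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://auth.company.com/samlv2/sp/SP-ID">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://company.fusionauth.io/samlv2/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def url_findings(metadata_xml, expected_host):
    """Return (field, url, problem) for each URL not on https://expected_host."""
    root = ET.fromstring(metadata_xml)
    urls = [("entityID", root.get("entityID", ""))]
    # Collect every endpoint URL carried by SAML metadata elements.
    for el in root.iter():
        if not el.tag.startswith(MD_NS):
            continue
        for attr in ("Location", "ResponseLocation"):
            if attr in el.attrib:
                urls.append((el.tag[len(MD_NS):] + "/@" + attr, el.attrib[attr]))
    findings = []
    for field, url in urls:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            findings.append((field, url, "not https"))
        elif host != expected_host.lower():
            # Exact match, so auth.company.com.example.net does not pass.
            findings.append((field, url, "host is " + host))
    return findings


if __name__ == "__main__":
    for finding in url_findings(SAMPLE_METADATA, "auth.company.com"):
        print(finding)
```

An empty result means every URL in the metadata already uses the custom domain, so the audience URL can be sent to federation partners as it stands.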