Overview
The FUYL Portal integrates with Active Directory (AD), the Google Secure LDAP service or the Okta LDAP Interface using the Lightweight Directory Access Protocol, either in the clear (LDAP) or over TLS (LDAPS).
Administrators can use their existing directory to authorize individuals or groups of users to nodes, lockers or bays, delegating management of users to established systems and processes.
Configuration
External Users configuration can be found in the FUYL Portal interface by clicking on "Integrations" (in the left menu), then "External Users". Configure your connection with the help of the table below:
Field | Description |
---|---|
Provider Type | Pick from Active Directory, Google or Okta. For example pick Active Directory if you are using Azure AD DS or Google if you are using Google Workspace. |
Identifier | Enter a unique string containing only alphanumeric characters, dashes or dots. |
Connection Urls | The endpoint(s) that we will connect to when performing LDAP queries, in Uniform Resource Identifier (URI) format, e.g. ldaps://ldap.google.com. |
Client Key | If your Secure LDAP endpoint requires client certificate authentication (as Google Secure LDAP does), provide the client's private key as a PEM-formatted file. |
Client Certificate | If your Secure LDAP endpoint requires client certificate authentication (as Google Secure LDAP does), provide the client certificate as a PEM-formatted file. |
CA Certificate | If the endpoint presents a certificate that is self-signed, or issued by a private CA that is not publicly trusted, provide the signing certificate here as a PEM-formatted file. |
Base DN | The starting point of the search in the LDAP tree. For example, if your domain is test.com, your Base DN might be dc=test,dc=com. |
Bind DN | The distinguished name of the account used to connect to the LDAP service on the specified endpoint(s). For example, CN=accountname,CN=users,DC=test,DC=com. |
Bind Password | Password used to connect to the LDAP service on the specified endpoint(s). |
LDAP Filter | An LDAP filter can be used to further limit the search scope. For example, (memberOf:1.2.840.113556.1.4.1941:=CN=FUYL Users and Groups,OU=Users,DC=test,DC=com) limits the scope to members of the "FUYL Users and Groups" group. Note that the matching rule 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN) is an Active Directory extension that also matches users who belong to the group through nested groups; directories that do not implement it need a plain (memberOf=CN=FUYL Users and Groups,OU=Users,DC=test,DC=com) filter, which matches direct members only. For more information on LDAP filters visit https://ldap.com/ldap-filters/ |
Once the above is configured, expand the "Attribute Mappings" section and update these fields to match your LDAP structure.
Field | Description |
---|---|
User's Name | This attribute will be used as the display name for users. By default this field is mapped to cn (Common Name). |
PIN | The attribute containing the user's PIN. |
RFID | The attribute containing the user's RFID. The values in your directory will need to match the format specified under the Account Settings. By default, the format is set to Hex. |
At this stage, click "Test Connection". Should all tests pass, save the configuration and begin configuring an appropriate workflow.
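Before pressing "Test Connection" it helps to run the same read-only query yourself and inspect the data the portal will see. The script below is an added example, not part of the FUYL documentation or product: it builds the ldapsearch(1) command line that mirrors the form fields above (Bind DN, Base DN, filter, mapped attributes), then parses the LDIF that ldapsearch prints and reports every entry that lacks a mapped attribute, whose RFID is not hexadecimal (the Account Settings default), or whose RFID collides with another user. The hostname, paths, the attribute names chosen for PIN (employeeNumber) and RFID (pager), and the embedded LDIF are all constructed for illustration.

```python
"""Pre-flight check for a FUYL Portal External Users (LDAP) configuration.

Added example, not FUYL's own code. Run with no arguments to check the
constructed sample LDIF below, or pass the path of a file produced by the
printed ldapsearch command to check your real directory data.
"""
import base64
import re
import shlex
import sys

# Mirrors the portal form; every value here is an illustrative assumption.
CONFIG = {
    "urls": ["ldaps://ldap.example.com:636"],
    "base_dn": "dc=test,dc=com",
    "bind_dn": "CN=fuyl-reader,CN=Users,DC=test,DC=com",
    # ldapsearch -y uses the file's complete contents: no trailing newline.
    "password_file": "/run/secrets/fuyl-ldap.pw",
    "filter": "(memberOf=CN=FUYL Users and Groups,OU=Users,DC=test,DC=com)",
    "attr_map": {"name": "cn", "pin": "employeeNumber", "rfid": "pager"},
    "rfid_format": "hex",            # Account Settings default
    "ca_cert": "/etc/fuyl/ldap-ca.pem",  # private CA, optional
    "client_cert": None,             # set both for Google Secure LDAP
    "client_key": None,
}

HEX_RE = re.compile(r"[0-9A-Fa-f]+")


def build_ldapsearch(cfg):
    """Return (argv, env) for an OpenLDAP ldapsearch equivalent to the portal's query."""
    argv = ["ldapsearch", "-LLL", "-x",
            "-H", " ".join(cfg["urls"]),      # -H accepts a whitespace-separated URI list
            "-D", cfg["bind_dn"], "-y", cfg["password_file"],
            "-b", cfg["base_dn"], "-s", "sub",
            cfg["filter"]] + list(cfg["attr_map"].values())
    env = {}                                   # OpenLDAP client TLS settings via env
    if cfg.get("ca_cert"):
        env["LDAPTLS_CACERT"] = cfg["ca_cert"]
    if cfg.get("client_cert"):
        env["LDAPTLS_CERT"] = cfg["client_cert"]
        env["LDAPTLS_KEY"] = cfg["client_key"]
    return argv, env


def parse_ldif(text):
    """Minimal LDIF reader: folded lines, 'attr: value' and 'attr:: base64'.

    Attribute names are lower-cased because LDAP treats them case-insensitively.
    """
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:   # continuation of previous line
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    entries, current = [], {}
    for line in unfolded + [""]:               # sentinel flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):              # base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(attr.strip().lower(), []).append(value)
    return entries


def check_entries(entries, attr_map, rfid_format="hex"):
    """Return [(dn, problem)] for entries the portal could not use as-is."""
    problems, rfid_owner = [], {}
    for entry in entries:
        dn = entry.get("dn", ["<no dn>"])[0]
        for role, attr in attr_map.items():
            if not entry.get(attr.lower()):
                problems.append((dn, f"missing {role} attribute '{attr}'"))
        for rfid in entry.get(attr_map["rfid"].lower(), []):
            if rfid_format == "hex" and not HEX_RE.fullmatch(rfid):
                problems.append((dn, f"RFID '{rfid}' is not hex"))
            owner = rfid_owner.setdefault(rfid.lower(), dn)  # hex is case-insensitive
            if owner != dn:
                problems.append((dn, f"RFID '{rfid}' duplicates {owner}"))
    return problems


# Constructed sample: Alice is fine, Bob's RFID is not hex, Carol has no PIN
# and reuses Alice's RFID (different case).
SAMPLE_LDIF = """\
dn: CN=Alice Example,CN=Users,DC=test,DC=com
cn: Alice Example
employeeNumber: 482913
pager: 0A1B2C3D

dn: CN=Bob Example,CN=Users,DC=test,DC=com
cn:: Qm9iIEV4YW1wbGU=
employeeNumber: 771002
pager: 12345678G

dn: CN=Carol Example,CN=Users,DC=test,DC=com
cn: Carol Example
pager: 0a1b2c3d
"""


def main(args):
    argv, env = build_ldapsearch(CONFIG)
    print("Equivalent query:", " ".join(f"{k}={v}" for k, v in env.items()), shlex.join(argv))
    text = open(args[1], encoding="utf-8").read() if len(args) > 1 else SAMPLE_LDIF
    problems = check_entries(parse_ldif(text), CONFIG["attr_map"], CONFIG["rfid_format"])
    for dn, msg in problems:
        print(f"{dn}: {msg}")
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run the printed ldapsearch command from a host on the same network path the portal will use, save its output with `> users.ldif`, and feed that file to the script; a non-zero exit means at least one entry would be unusable or ambiguous once the workflow is enabled. The password is read from a file rather than passed on the command line so it does not appear in process listings or shell history.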
Firewall & Security
LDAP and LDAPS operate over ports 389 and 636 respectively. Ensure that the protocol of your choice can reach your directory (whether on-premise or in the cloud). Note that plain LDAP on port 389 sends the Bind DN and password in cleartext unless STARTTLS is negotiated, so LDAPS is the recommended choice; Google Secure LDAP, for example, is only reachable over LDAPS.
Integration features such as Webhooks and External Users in the FUYL Portal send outgoing requests from a fixed set of IP addresses. To ensure requests from these services can reach your network, allow the following IP addresses on any firewalls in the path:
Address |
---|
35.84.160.102 |
44.240.25.20 |
You may wish to exclude all other sources, ensuring only the FUYL Portal service's connections are allowed.
The LDAP queries made by the FUYL Portal are exclusively read-only, and need access only to the attributes mapped above plus a unique identifier attribute, which is used to avoid conflicts between users. Use a dedicated bind account with no write permissions and, where your directory supports it, restrict its read access to those attributes.