Overview
The FUYL Smart Locker System offers seamless authentication via Single Sign-On (SSO), allowing users to access the system using their organizational Identity Provider (IdP). This method simplifies access management by relying on the organization’s IdP, which handles all user accounts and credentials. The FUYL Smart Locker System is compatible with most IdPs that support SAML or OIDC protocols.
How SSO works
- The user selects the login option on the FUYL Portal or FUYL Kiosk.
- They are redirected to the Identity Provider’s authentication screen (e.g., Google Workspace).
- The user enters their credentials.
- The IdP verifies the credentials and sends a response to the FUYL System.
- The FUYL System grants the user access.
Note: SSO and provisioning features are supported by WorkOS, an Enterprise Identity Management solution.
Set up SSO
Setting up SSO for FUYL Enhanced is a straightforward process managed through the FUYL Portal. IT Admins can select an Identity Provider and follow a convenient step-by-step wizard designed to provide instructions specific to their selected provider.
Some examples of supported Identity Providers include:
Auth0 | ADP OpenID Connect | CAS SAML |
ClassLink | Clever** | Cloudflare |
CyberArk SAML | Duo | Entra ID (formerly Microsoft Azure AD) |
Google SAML* | JumpCloud | Keycloak |
LastPass | Login.gov | Microsoft Active Directory Federation Services |
miniOrange | NetIQ | Okta |
OneLogin | Oracle | PingFederate |
PingOne | Rippling | Salesforce |
Shibboleth Generic | Shibboleth Unsolicited | SimpleSAMLphp |
VMware |
*Google Workspace connections may take up to 24 hours to propagate and may show as inactive during that time.
** To integrate with Clever, IT Admins must contact support to provide details such as the Clever domain and ensure the SSO domain matches the Portal domain. Integration allows users to log in using methods like Clever badges, emoji logins, or usernames.
If your identity provider is not listed above, you can connect to SSO using a custom SAML or OIDC connection.
Process
- In the FUYL.io Portal, navigate to Settings > Users.
The settings button is found in the bottom right of the FUYL Portal interface.
- Select Configure in the Single Sign On tile.
- Choose the Identity Provider from the list or select Custom SAML or Custom OIDC for non-listed providers.
- Follow tailored instructions for your chosen provider.
- Save and test the connection.
Set Up Provisioning
While SSO outsources authentication to a chosen external Identity Provider, some features of the FUYL Smart Locker system rely on a greater level of synchronization to simplify the user experience (e.g. Login ID or Admin selection).
The FUYL Smart Locker System leverages SCIM (System for Cross-domain Identity Management) or SFTP to automate identity provisioning, updates and de-provisioning of users. Provisioning gives IT Admins greater control over user access by defining schema and attribute mapping.
Process
Ensure that SSO is set up and working before beginning provisioning setup.
- In the FUYL.io Portal, navigate to Settings > Users.
The settings button is found in the bottom right of the FUYL Portal interface.
- Select Configure in the Provisioning tile.
- You will be directed to tailored instructions for your IdP or SFTP.
- Once set up, check that the users exist in the Users tab.
Users may take several minutes to propagate, especially in larger directories.
Admin Selection
Provisioning allows the original FUYL Portal admin to view and assign other FUYL admins from a list of synced SSO users in the FUYL Portal interface.
See Managing User Roles below for more information.
Login ID
Login ID allows users to authenticate with a single attribute, such as Student ID, Barcode or a Lunch Code.
See the Login ID Set Up Guide here
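An added example, not part of the FUYL or WorkOS documentation: a reconciliation check an IT admin could run after provisioning to confirm that the synced user list matches the IdP and that the attribute used as Login ID is unique. The IdP records use standard SCIM 2.0 User attributes; the portal record fields, the use of `externalId` as the Login ID source, and all sample data are assumptions constructed for illustration.

```python
"""Reconcile an IdP directory against users synced to the portal (added example)."""
from collections import defaultdict

# Constructed sample: SCIM 2.0 User resources (RFC 7643 core attributes) as an IdP sends them.
IDP_USERS = [
    {"userName": "ana@example.edu", "externalId": "S1001", "active": True},
    {"userName": "ben@example.edu", "externalId": "S1002", "active": True},
    {"userName": "cy@example.edu", "externalId": "S1003", "active": False},  # de-provisioned
    {"userName": "dee@example.edu", "externalId": "S1002", "active": True},  # reused ID
]

# Constructed sample: users as listed in the portal. These field names are
# hypothetical and are not the FUYL Portal's export format.
PORTAL_USERS = [
    {"email": "ana@example.edu", "login_id": "S1001", "enabled": True},
    {"email": "cy@example.edu", "login_id": "S1003", "enabled": True},
    {"email": "dee@example.edu", "login_id": "S1002", "enabled": True},
]


def reconcile(idp_users, portal_users):
    """Return provisioning gaps between the IdP directory and the synced user list."""
    idp = {u["userName"].lower(): u for u in idp_users}
    portal = {u["email"].lower(): u for u in portal_users}
    findings = {
        # Active in the IdP but not synced yet: propagation lag or a mapping problem.
        "missing": sorted(n for n, u in idp.items() if u["active"] and n not in portal),
        # Still enabled although the IdP deactivated them or no longer lists them.
        "stale": sorted(n for n, u in portal.items()
                        if u["enabled"] and not idp.get(n, {}).get("active", False)),
    }
    # Assumption: externalId is the attribute mapped to Login ID. A value shared
    # by several active users cannot identify one person on its own.
    by_id = defaultdict(list)
    for name, u in idp.items():
        if u["active"]:
            by_id[u.get("externalId") or ""].append(name)
    findings["duplicate_login_id"] = {
        k: sorted(v) for k, v in by_id.items() if k and len(v) > 1}
    findings["no_login_id"] = sorted(by_id[""])
    return findings


if __name__ == "__main__":
    for kind, items in reconcile(IDP_USERS, PORTAL_USERS).items():
        print(f"{kind}: {items}")
```

Entries under `stale` are the ones to review first, since they indicate a user the IdP has deactivated who is still enabled on the locker side.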
Managing User Roles
By default, users authenticated through SSO can identify themselves at the FUYL Kiosk, but specific workflows will grant or deny permissions for bay access.
Assigning Admin Roles
- Navigate to the Admins page within the Settings section.
- Click Assign User and search for the user from the directory.
- Select the user to assign admin privileges.