Overview
Setting up authentication for your FUYL Smart Locker System is a critical first step. This guide will help you select the correct combination of integrations and workflows based on your intended use case and avoid potential obstacles when using specific IdP (Identity Provider) combinations.
For the purposes of this guide, it's important to understand how FUYL obtains user data:
- SSO: Allows users to be uniquely identified as members of your organization. Access to FUYL is granted or denied in your own IdP, and only basic information is available in FUYL.
- Provisioning: Gathers additional information from your IdP, such as groups, their membership and specifically mapped user attributes (like Login ID/Barcode values).
How will users authenticate?
Before configuring anything, decide how you wish users to interact with your locker:
- Authenticate using SSO (typically email address and password)
- Authenticate using Login ID (any single attribute)
- Authenticate using Barcodes (including QR codes)
How will access be authorized?
Next, consider whether your future workflows will need to be restricted to specific users/groups.
- All workflows will be available to all users in your IdP
- Some workflows will require restriction to specific users or groups
Are there IdP-specific limitations I should consider?
Certain IdPs have limitations that can require a different approach to achieve your chosen authentication/authorization combination.
Google Workspace
While Google Workspace allows seamless integration as an IdP for Single Sign On (SSO), provisioning can currently be used only for group membership.
If Login ID/Barcode is part of your intended user authentication, consider using the SFTP configuration for provisioning. This can still be automated.
Clever Badges
Clever supports badge-based authentication for students, but setting up Clever requires additional configuration steps. Clever primarily supports SSO and group provisioning but may not map attributes like barcodes directly.
For more information and assistance with configuration, contact Support.
Configuration
Having answered the questions above, proceed with your configuration as follows:
Username and Password (SSO) without restricted workflows
- Set Up SSO:
  - In the FUYL Portal, navigate to Settings > Users > Single Sign On.
  - Select your IdP (e.g., Microsoft Entra).
  - Follow the on-screen prompts to enter the SSO metadata (Issuer URL, SAML certificate, etc.).
  - Save your configuration.
- Skip Provisioning Setup:
  - No provisioning is needed if all users can access all workflows.
Username and Password (SSO) with user/group restricted workflows
- Set Up SSO:
  - In the FUYL Portal, navigate to Settings > Users > Single Sign On.
  - Select your IdP (e.g., Microsoft Entra).
  - Follow the on-screen prompts to enter the SSO metadata (Issuer URL, SAML certificate, etc.).
  - Save your configuration.
- Set Up Provisioning:
  - In the FUYL Portal, go to Settings > Users > Provisioning.
  - Connect your IdP and enable provisioning to sync group memberships.
  - Skip mapping a Login ID attribute.
  - Sync the provisioning data.
- When creating/editing your Workflows, you will be able to restrict access to specific groups.
Login ID or Barcodes with a fully supported IdP (with or without group restriction)
- Set Up SSO:
  - In the FUYL Portal, navigate to Settings > Users > Single Sign On.
  - Select your IdP (e.g., Microsoft Entra).
  - Follow the on-screen prompts to enter the SSO metadata (Issuer URL, SAML certificate, etc.).
  - Save your configuration.
- Set Up Provisioning:
  - In the FUYL Portal, go to Settings > Users > Provisioning.
  - Connect your IdP and enable provisioning to sync group memberships.
  - Map your Login ID to a relevant attribute name from your IdP (e.g., "employeeId" in Entra).
  - Sync the provisioning data.
- When creating/editing your Workflows, you will also be able to restrict access to specific groups.
Login ID or Barcodes without a fully supported IdP
- Set Up SSO:
  - In the FUYL Portal, navigate to Settings > Users > Single Sign On.
  - Select your IdP (e.g., Microsoft Entra).
  - Follow the on-screen prompts to enter the SSO metadata (Issuer URL, SAML certificate, etc.).
  - Save your configuration.
- Set Up Provisioning:
  - At this stage, it is strongly recommended to involve LocknCharge Support for assistance with SFTP configuration.
Troubleshooting
Should you encounter an obstacle at any point during the process, don't hesitate to reach out to support or your onboarding contact for help.