Foldr Authentication

How does the Foldr User Login Work?

Your users will no longer see a username/password box when they go toRoom Booking, but a Login and continue button. On clicking this button, one of two things will happen:

If there is an existing login session on Foldr for the user, and their email matches an existing Room Booking user account, the user will be instantly logged in.
If there's no existing login session on Foldr for the user, they will be sent to the Foldr login page where they can log in. On doing so (and if there is an existing user account with a matching username) they will be logged into the Room Booking.

Prerequisites

As you need to sign into existing accounts, usernames assigned to users in Room Booking must be the same as that set on that user account in Foldr.

Foldr Setup

In order to set up Foldr to handle SSO follow these steps:

In your Foldr Admin panel, go to Single Sign-On.
Go to the Identity Provider tab.
Make sure that the Enable Foldr Identity Provider? option is turned on.
Click Add New Service Provider then select Room Booking System from the list.

You'll then be taken to the Add New Service dialog.

Go to the SSO tab and set the page up as follows, replacing sysname with the first part of your Room Booking URL.

For example, if your Room Booking link is https://greenabbey.roombookingsystem.co.uk, you would replace systemname with greenabbey

Setting	Value
Name ID Format	Transient
ACS (Consumer) URL	https://systemname.roombookingsystem.co.uk/saml/module.php/saml/sp/saml2-acs.php/systemname.roombookingsystem.co.uk
Relay State	https://systemname.roombookingsystem.co.uk

Next, go to the Attributes tab and configure as follows:

Name	Value
eduPersonAffiliation	%department%
givenName	%givenname%
email	%email%
eduPersonPrincipalName	%username%
sn	%surname%

When adding these attributes, please ensure that you select the Basic Name Format setting:

On the Permissions tab, you can use the Add user or group button to allow/deny users access to/from the Room Booking System. For example, if you have a group for your Room Booking users, add them. Alternatively, you can use the contextual search on the pop-up to select individual users. As you type, suggestions will appear.

While testing, you may wish to enable the app for everyone and then subsequently remove access as required.
Click Save Changes at the top to return to the main Single Sign On page.
Double click the Room Booking System app to open it's settings again.
On the Info tab for the service, take a copy of the Metadata URL as you will need this later.

Room Booking Setup

having completed the setup in Foldr you need to do the same in Room Booking:

Go to Settings > Authentication > SAML/ADFS Single Sign-on.
For our recommended setup, check all the boxes in this section. Their functions are shown below the options. The Automatically Create New Users option will create new users when they log in in for the first time.
Select Metadata URL (auto-refresh).

You will see two text boxes, one for the Metadata URL, the other for the Entity ID. Enter the Metadata URL you copied in step 10 of the previous section of this guide.
The entity ID is the Issuer/Sign-in URL (e.g. https://systemname.minnow.it/sso/A1AA1/ ).

Testing/Troubleshooting

Once setup is complete, you can test it by going to the Room Booking user login page. You should see a Foldr login page instead of our usual login. Assuming you have been granted permission to gain access in Foldr's permissions section you should be sent to the Room Booking user dashboard.

If not, please check the following:

If you are directed to our normal login page (see below) with a red error saying Could not auto-login as your username wasn't found on the system ensure your username in Room Booking matches the one provided by Foldr. Alternatively, if the user you are trying to log in as is not already a user in Room Booking make sure the Automatically create new users option referred to above is enabled.
If you see the above error but are convinced the usernames on Foldr and Room Booking are the same, please get in touch with us using the details at the end of this section.
If you are directed to our normal login page without any error displayed, please check the URL in the address bar to see if there are any attributes not being sent. In these cases, it is common for the username attribute not to be sent. Ensure your attributes in the Foldr SSO setup for Room Booking are as above.
If the user is logged in with no issues but doesn't see their old bookings, it's likely that either:
- The username was not an exact match and Automatically create new users is turned on, or
- The username was an exact match and Automatically create new users is turned on, but the account being used previously was not set to be logged into via single sign-on.
  In this situation, please email us using the contact details at the end of this section and let us know what happened.
If you are directed to the Foldr login page but then see the following, you do not have permission to sign into Room Booking via Foldr.
Please check the SSO permissions section within Foldr to remedy this.
If you see the following error page, please get in touch with us using the details at the end of this section.

If you require any specific assistance with the setup, please get in touch with us by either calling on 0333 344 3403 or emailing us on schoolcloud@tes.com.

Post Test Setup

Following your initial tests, there may be some outstanding tasks to be completed:

If you set the application up with locked-down access in Foldr, you may need to open this access up to the rest of your users.
If you had users on the system previously, we will need to amend them so they can work with your new authentication method. Please drop us an email on schoolcloud@tes.com and let us know that you've just set up Foldr authentication and you'd like to make this live for all users. We will be happy to assist with this process.