Site admins can use Flywheel's CILogon integration to allow users from other institutions to sign in to your Flywheel site using their institution's credentials. There are two steps to this process:
This article includes additional troubleshooting steps for the following errors:
By default, not all 4000 Identity Providers (IdPs) supported by CILogon are enabled on your site. To add a new IdP:
Verify that the institution is included in this list of supported identity providers. CILogon. In general the list includes all the identity providers registered with InCommon plus all the identity providers InCommon imports from eduGAIN.
Contact Flywheel support to add the identity provider to your site.
Once added, verify the expected format for the username:
Instruct a user from the institution you just added to go to login.flywheel.io, and click CILogon.
The user is redirected to CILogon
The user should select their institution from the dropdown menu, and click Log On.
The user will be redirected to their institution's sign in page. Once they successfully sign in, they are redirected back to Flywheel. The following message appears "Login was successful, but <username> is not set up as a user within Flywheel. Contact an administrator to get registered to the platform"
Use the email noted in the message as the username when you add the user to Flywheel. The username is case sensitive.
This username may be different than the users email address. This is because Flywheel uses the ePPN (eduPersonPrincipalName) field. If the email in the error message did not work, see below the troubleshooting steps below for other ways to find the ePPN.
If you see the error message, "Login was successful, but <username> is not set up as a user within Flywheel. Contact an administrator to get registered to the platform", you need to add the user to Flywheel. If you have already added the user to Flywheel using their email address, you should update the username to use username in the error. This is the users eduPersonPrincipalName (ePPN). This name can be different from the users email address.
If you still see the error after adding the username from the error, you find the ePPN for a user by following the steps below:
Navigate to https://authtest.flywheel.io.
Click University Credentials via CILogon.
Select the institution from the dropdown list. You are redirected to the institution's sign in page.
If the institution does not appear in the dropdown, contact Flywheel to enable it.
After you successfully sign in, you are redirected to the Flywheel Token Debugger page.
"https://flywheel.io/eppn". The value after is what you should enter for the username in Flywheel. All users you add from the institution will follow this same format.
The following error appears if you select an institution from the dropdown list that has not yet been enabled on your Flywheel site: "IdP <address> is not whitelisted. Contact an administrator to add your login provider"