fylr can use the following authentication services (a.k.a. SSO - Single Sign On) to:

  • Authenticate user logins. Then your users can log into fylr with their existing credentials.

  • Apply group membership for rights management.

  • Retrieve user records: email address, display name, etc..


fylr can be connected to multiple LDAP servers. With or without TLS. Typically, a bind user (a.k.a. machine user) is used to allow the connection.


fylr can be configured to be a Service Provider against a SAML IDP. In other words: fylr can be connected to e.g. Shibboleth IDPs and Microsoft Azure Active Directory via SAML.


Shibboleth IDentityProviders can be connected via SAML to fylr, which then is a ServiceProvider.

Active Directory

Microsoft Active Directory, as used in a Local Area network, can be connected via LDAP.

Microsoft Azure Active Directory can be connected via SAML to fylr.


Kerberos is not supported by fylr. But if it is used in an Active Directory, LDAP can be connected instead.


We don’t support authentication against OpenID IDPs yet.


fylr is usually configured to accept multiple OAuth2 clients and you can add more (fylr in the server role). We don’t support authentication against OAuth IDPs yet (fylr in the client role).

Last updated