Student Authentication - Eligibility, SSO (Shibboleth), and ERP

This article provides an overview of the PantrySoft features that offer recurring student authentication and identification (the SSO and Eligibility features).

SSO ("Campus Signon") Authentication Feature, Eligibility ("Current Student") Feature

PantrySoft offers two features to campus pantries that aid them in student authentication.

SSO sign-on is a feature for the Client Portal. It guides students to your own campus authentication service (e.g. Shibboleth) before waving them onto your PantrySoft Client Portal.

The PantrySoft Eligibility feature permits pantry activity only for those students found on a whitelist (in the form of a .csv spreadsheet file). This allows you to fine-tune the growing list of students in your system, signifying which of them are currently permitted to receive services (i.e. the semester's active students). The automated version of this feature is a nightly upload of a .csv file in which each line represents one whitelisted student. This file is usually sent nightly from your campus's ERP service (e.g. Banner or PeopleSoft) into an online "bucket" (hosted by AWS), where it is received nightly by PantrySoft and uploaded into your installation.


 

PantrySoft Eligibility Feature

PantrySoft can update a list of currently eligible Clients (students in a University pantry) using the Eligibility feature. This feature is a spreadsheet loader for uploading pre-formatted rows of student information. At a minimum, the spreadsheet rows must include: SID (Student ID) and email address.

What does it do? Generally speaking, the Eligibility file is a whitelist. Clients not on this list cannot Register, and online portal Users can't even log in if they're bound to a Client record not on the list. Being absent from this list does not, however, destroy any existing Client records, nor does it even automatically change the Client's Client Status.

How does it work? Absent any added features (see below), PantrySoft admin Users can manually upload a fresh spreadsheet of students any time they like. From then on, the system will modify its behavior as follows:

  • Online Portal: Brand New User. Whenever an online portal User tries to log in to create a brand new Client record for the first time, they will be permitted to log in and be directed to a blank Registration page. After they enter the Registration information, including (crucially) their email and Account Number (Student ID for most University pantries), their Registration submission will be rejected with an error message if the Account Number and Email don't match one of the Eligible Client rows.
  • Online Portal: Returning User with an Existing Client. Once PantrySoft has bound an online portal User (login and password) to their own Client record, the User will be permitted to log into the portal only if their Client's Account Number and Email address are currently present in the Eligibility file. If not, their login attempts will be refused with an error message explaining they are not currently permitted into the portal.
  • Kiosk and Dashboard Client. Whenever a staff member tries to Register a brand new Client (or re-Register an old one), PantrySoft checks the Primary Member's Email address and the Client's Account Number against the Eligibility file. If no match is found, the Registration will be denied with an error message to that effect.
    (NOTE: For those pantries that wish to use this only to prevent online logins to their portal, enforcement of Eligibility in the Kiosk or Dashboard can be removed with a setting.)


Automated Eligibility (e.g. nightly exchange with campus ERP)

If your campus uses an ERP (Enterprise Resource Planning) service like Banner to (among other things) manage student enrollment status across various campus services, we can wire PantrySoft to use this same technology to automatically update student eligibility overnight (generate a new, updated Eligibility spreadsheet) without the need for a manual upload. 

 

For example, suppose an individual student drops out of your program. With ERP integration, PantrySoft would disable their client record automatically as soon as that student's status was affected in the campus ERP service. This would happen overnight. Without this integration, a PantrySoft admin user at your school would need to log into PantrySoft and either disable the Client record manually, or else upload a new spreadsheet absent the former student's name.

 

Technical Setup Procedure: The PantrySoft dev team will liaise with your IT department and have them set up their ERP system to automatically generate a report of current students including required particulars (First and Last Name, SID, and Email), and optional particulars (address, phone number, etc.). Your IT department would then also set up your system to deliver that report automatically into an AWS bucket. Once our dev team at PantrySoft receives access credentials to that bucket, we can point PantrySoft's Eligibility feature to use this automatically-generated report for its student record updates on a nightly cron.
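
The whitelist behavior described under "How does it work?" and the nightly report described above can be sketched as follows. This is an added example, not PantrySoft's own code: the column names, the email normalization, the channel names, and the refusal to load a report that shrinks sharply are all assumptions made for illustration.

```python
import csv
import io

# Header names are assumptions; the page only says which fields are required.
REQUIRED = ("first_name", "last_name", "sid", "email")
STAFF_CHANNELS = {"kiosk", "dashboard"}

class EligibilityFileError(ValueError):
    """Raised when a nightly report should not replace the current list."""

def _key(sid, email):
    # Assumed normalization: trim whitespace, compare emails case-insensitively.
    return (sid.strip(), email.strip().lower())

def load_eligibility(csv_text, previous_count=0, max_drop=0.5):
    """Return the whitelist as a set of (SID, email) keys, or raise."""
    reader = csv.DictReader(io.StringIO(csv_text))
    reader.fieldnames = [h.strip().lower() for h in (reader.fieldnames or [])]
    missing = [c for c in REQUIRED if c not in reader.fieldnames]
    if missing:
        raise EligibilityFileError(f"missing columns: {missing}")
    keys = set()
    for row in reader:
        sid, email = (row["sid"] or ""), (row["email"] or "")
        if not sid.strip() or "@" not in email:
            raise EligibilityFileError(f"line {reader.line_num}: SID and email required")
        keys.add(_key(sid, email))
    # A truncated or empty export would lock out every student, so refuse it.
    if not keys or len(keys) < previous_count * (1 - max_drop):
        raise EligibilityFileError(f"only {len(keys)} rows; keeping previous list")
    return keys

def is_permitted(keys, sid, email, channel, enforce_staff_channels=True):
    """Apply the whitelist to one registration or login attempt.

    channel is one of: portal_register, portal_login, kiosk, dashboard.
    """
    if channel in STAFF_CHANNELS and not enforce_staff_channels:
        return True  # pantry turned off enforcement for Kiosk/Dashboard
    # SID and email must match the same row, not just appear somewhere.
    return _key(sid, email) in keys

# Constructed sample report (not real data).
SAMPLE = """first_name,last_name,sid,email
Ada,Nguyen,1001,Ada.Nguyen@example.edu
Sam,Ortiz,1002,sam.ortiz@example.edu
"""

if __name__ == "__main__":
    keys = load_eligibility(SAMPLE)
    print(is_permitted(keys, "1001", "ada.nguyen@example.edu", "portal_login"))
    print(is_permitted(keys, "1003", "new@example.edu", "portal_register"))
```
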

 

SSO (e.g. Shibboleth)

A Single Sign On (SSO) service like Shibboleth is a third-party authentication service that provides online student identity verification for multiple online campus services. Alongside any current campus services, PantrySoft can also "handshake" with the campus SSO login/authentication service your students already use to log them into the app. (Without this feature, students would use PantrySoft's native login procedure, where they'd create a dedicated username and password just for PantrySoft purposes.)

 

For example, your campus health service, student lunch program, and online class registration site might all currently redirect students to a sign-on page powered by the Shibboleth protocol for the purposes of logging in. Once Shibboleth has confirmed the student's identity, it authenticates that student to the program in question (logging them into, say, the campus health service). With PantrySoft SSO integration, students will be redirected to the same SSO service they use to access other campus services, which will authenticate them to PantrySoft, "waving them through" PantrySoft's login screen.

 

Technical Setup Procedure: The PantrySoft dev team will liaise with your IT department to handshake with your existing SSO service. For a University this service is most likely Shibboleth, which uses the SAML 2.0 XML protocol. Other SSO services like OpenID Connect might use the alternative OAuth protocol.