SWITCH Identity Blog

The Identity Blog puts the spotlight on identity management, digital identities, identifiers, attributes, authentication and access management.

Managing User Affiliation with the Organisation Administrator Interface


The edu-ID is a user-centric system in which users generally manage their account data themselves. And yet, some data relates to and is thus asserted by organisations like universities. Therefore, the edu-ID system provides several APIs for organisations so that they can manage data about users they are authoritative for. A new way to manage this data is the edu-ID administration interface for organisations, which is presented in this blog post.

Why an administration interface?

The web-based administration interface for organisations was created to provide them with a place to:

  • review the most important statistics and status information about their organisation in the context of edu-ID
  • inspect, temporarily disable or terminate organisation affiliations of edu-ID users
  • create and manage technical edu-ID accounts
  • review changes performed by fellow administrators on their users
  • review and manage security, emergency and generic edu-ID service contacts for their own organisation

There are already several edu-ID APIs, the AAI Resource Registry and the SWITCH community portal that provide some of the above information and functions. But the organisation administration interface provides them in one single place.

How can it be used and who gets access?

The organisation administration interface is available at https://eduid.ch/web/organisation-administrator. It requires a login with an edu-ID account linked to an organisation. Currently, access to the interface is limited to Home Organisation or Attribute Release Policy administrators in the AAI Resource Registry for a given organisation.

What information and actions are available?

The following graphic provides a high-level overview of the different sections of the administration interface (subject to changes in the future):

[Figure: organisation-admin-interface]

A few more details on the user management aspects:

  • The search function only reveals users who have an affiliation with the currently administered organisation.
  • The identity data of an edu-ID user account can be inspected but not changed.
  • An administrator can only inspect or change affiliation data of users affiliated with the administered organisation. Data of other affiliations cannot be inspected or changed.
  • Currently, affiliation data of users cannot be changed. However, current affiliations can be disabled or removed temporarily, which means that they are transformed into former affiliations.

What features will be added in the future?

An upcoming addition will allow administrators to review and manage the edu-ID API credentials for their organisation. There is also the idea of allowing administrators to create affiliations for edu-ID users directly, without these users having to link an organisation AAI identity.

In general, we are open to requests and wishes when it comes to extending the administration interface. If you, as an organisation administrator, miss a specific feature, please let us know via an e-mail to eduid@switch.ch.

Author: Lukas Hämmerle

I'm a member of the SWITCHaai team, the Swiss edu-ID team and task leader in the GÉANT project.
