Eduuni-ID is Identity and Access Management based on the user’s email address.
Using the Eduuni Services requires that you register your email address and confirming it. Additionally, Eduuni-ID registration requires your first and last name and your organization’s name. However, the user can choose the login method himself.
Trusted sign-in methods include:
- Organization IDs if your organization is a member of the Haka, Virtu or eduGAIN identity federation member or if the organisation is using Microsoft Office 365 (Azure AD) services
- ORCID, B2ACCESS, MPASS or ELIXIR AAI -IDs
- Google, Microsoft, LinkedIn, Facebook or Twitter.
When registering, the user-selected login method will be associated with Eduuni-ID. So, Eduuni users are not sent separate passwords that are easily forgotten, but everyone logs on with their own existing passwords. The user also has the option to change the login method without affecting the user’s identity or access rights.
Email registered as a Eduuni-ID will be re-verified every year. This ensures that the user is still the owner of the email address of the organization they represent. With Haka, Virtu, and Office 365 (Azure AD) sign-in, you no longer need to explicitly confirm email address management if the information sent by the sign-in server comes with the same email address that the user has registered.
Eduuni-ID Single Sign-On (SSO) can also be used for organizations’ own services or cloud services (SaaS). Eduuni-ID has the advantage of easy email-based access control and fully self-service identity management. Eduuni-ID SSO also allows you to supplement your Eduuni Service Packages with your own services.
Eduuni-workspaces (SharePoint) allows you to grant access directly to email addresses. So sharing a site with members of a network, for example, is as easy as sending an email. Email addresses do not need to be registered Eduuni-ID identities. Later, when the user registers and validates own email address as a Eduuni-ID, user will be granted access to any of the sites that have been granted permission.
Eduuni-workspaces group management can also be extended to all other Eduuni Services, including organizations’ own services that use Eduuni-ID to log in.
Groups in Eduuni-workspaces can be published by adding a # before any group name. When group members sign in to any service that uses Eduuni-ID, group information is sent along with other login information (SAML, WS-fed.). Group information is sent in the form eg. https://tt.eduuni.fi/sites/tyotila#tyotila-members. Before the #-sign you will be told where the group is hosted and after the #-sign the name of the group will be stated.
It is also possible to grant access to the e-mail domain in services that utilize Eduuni-ID. By giving access to eg. @csc.fi, you can easily create intranet or extranet types of sites within your organization.