Using Dataporten, you probably want to authenticate people using your service. Through Dataporten you can enable several login providers. You - as a service provider - decide which login providers your service should accept.
Here you will find more information about the different login providers, how to enable them and when to enable them.
In Dataporten Dashboard you can enable the following login providers for your service:
- International education login, eduGAIN
- Social media login
- Feide guest users
- Feide test users (for test purposes only)
Which login providers should you enable?¶
You need to make sure all your users are able to log in to your service, but you should probably not enable all login providers. That will just make your users confused.
Guidelines on enabling login providers¶
- When your users are students, researchers, teachers or other employees in Norwegian education: Enable Feide login.
- If you need to identify and authenticate users outside the education sector (i.e. parents, alumni): Enable ID-porten login.
- When your users are international students, researchers or teachers/employees: Enable eduGAIN login.
- If some of your users come from outside of the education sector, and all you need is a way to recognize them and link them to a user account, you should enable guest user login. Dataporten provides several guest user solutions: Twitter, Facebook, LinkedIn and Feide guest users.
- During development and test phase, you can enable Feide test users. Be sure to disable before moving on to production environment.
Enabling login providers in Dashboard¶
When registering your service in the Dataporten Dashboard, you will enable login providers on the page “Login providers”:
If you enable all login providers, this is what your users will see the first time they log in:
How to enable Feide login¶
If your users are students, researchers, teachers or other employees in Norwegian education, you probably want to enable Feide login. In Dashboard, you will enable “Utdanningssektoren”. Be sure not to mix up with “Feide gjestebrukere” or “Feide testbrukere”.
If your service should accept logins only from primary schools, secondary schools or higher education, or just specific schools, you will configure this as well in Dashboard:
This will allow logins from Tromsø kommune, Univeritetet i Bergen, and NTNU only.
How to enable ID-porten login¶
If your users are people outside of education, i.e. parents or alumni, and you still want a high security level on your logins, you should enable ID-porten login:
To enable ID-porten, the following criteria have to be met:
- The service has to be registered by an organization (not a private person).
- The organization has to apply for ID-porten login by sending an email to firstname.lastname@example.org. Be sure to put “ID-porten login through Dataporten” in the subject.
How to enable international login through eduGAIN¶
Support for eduGAIN in Dataporten is available for pilot users from spring 2017. Ask us for more information by sending an email (email@example.com).
If your users are international students, researchers, teachers or other employees, you should enable eduGAIN login.
eduGAIN is an international trust exchange between Identity federations mostly in Europe, but also US, Brazil, Japan and more. It allows users abroad to login to Dataporten services with their local accounts, with trusted identity information through eduGAIN.
The global scope of eduGAIN adds some complexity when it comes to technical compatibilty, semantics of attribute release and more. Dataporten tries to offload these challenges from applications and adopt a flexibly attribute policy that works with many providers.
If would have users from foreign univerities that are connected to eduGAIN, you may help us test, verify and configure these users to properly connect through eduGAIN. Contact us firstname.lastname@example.org to get more information.
To enable eduGAIN login on Dataporten, you MUST follow these eduGAIN polciies:
How to enable login for Feide guest users¶
For users that don’t have a Feide account, you can enable login through the “Feide guest users” solution, also known as OpenIdP.
The “Feide guest users” solution is managed by UNINETT, and is in the process of being phased out. Notice however that the solution will be replaced and users will be alerted before it is removed.
How to enable Feide test users¶
During the development and test phase, you can enable login for Feide test users:
Be sure to disable Feide test users before you move your service to a production environment.