Attribute groups

What information the service can receive about the end user is defined in the attribute groups that the service provider sets for the service in the customer portal (kunde.feide.no).

The attribute groups contain a set of attributes about the user and the organization sent from the host organization’s directory. The availability of the information depends on whether it is registered about the user in the host organization’s directory. Read about attributes and their availability in Feide documentation.

Before selecting attribute groups think about what information the service needs to know about the user and organization. Avoid requesting access to more information than the service needs to work. Some services only need to log in to ensure that there is a person associated with the education sector, while others need more to personalize the service for the user. If you find out later that the service needs more information about the user, you can add more attribute groups.

Under is an overview of which attributes each attribute group contains.

Personal information

Below are attribute groups with personal information about the user like name, user identifier, mail, mobile and preferred language.

Name (userinfo-name)

Attribute name

givenName

Given name

sn

Surname

norEduPersonLegalName

Legal name

displayName

Display name

cn

Common name

User identifiers at organization (userid-feide)

Attribute name

eduPersonPrincipalNamePrior

Person’s previous Feide IDs at the organization

eduPersonPrincipalName

Person’s Feide IDs organization

uid

User name

eduPersonTargetedID

Service specific identifier

Only available with SAML configuration

Mail (email)

Attribute name

mail

Email

Mobile (userinfo-mobile)

Attribute name

mobile

Mobile

Preferred language (userinfo-language)

Attribute name

preferredLanguage

Preferred language

Identity number (userid-nin)

The information in this attribute group is by the general public and Feide considered as semi-sensitive information. This attribute group is only released where actual need is demonstrated.

Therefore, it can only can be added to a service by Uninett. Send an email to kontakt@uninett.no and explain why the service requires this attribute group, and why it is not enough with another user identifier available through Feide.

Attribute name

norEduPersonNIN

Identity number assigned by public authorities

Identity assurance (userinfo-assurance)

Attribute name

eduPersonAssurance

Identity assurance

Roles, affiliations and groups

Below are attribute groups with information about the user’s roles, affiliations and groups in their organization.

Organizational affiliations (groups-org)

Information about the home organization, organization unit (school/department) and the person’s roles in the organization.

Attribute name

eduPersonAffiliation

Affiliation at home organization

eduPersonPrimaryAffiliation

Primary affiliation at home organization

eduPersonScopedAffiliation

Affiliation and institution at home organization

eduPersonOrgUnitDN:norEduOrgUnitUniqueIdentifier

Unique identifier of home organization

feideSchoolList

List of schools

eduPersonOrgUnitDN:ou

Name of organization units

eduPersonOrgUnitDN:mail

Email address of organizational unit

eduPersonOrgDN:norEduOrgNIN

Organization number

schacHomeOrganization

Realm of home organization

eduPersonOrgDN:o

Name of home organization

eduPersonOrgDN:eduOrgLegalName

Legal name of home organization

eduPersonOrgDN:mail

Organization email address

eduPersonOrgUnitDN

Distinguished name of organization unit

eduPersonPrimaryOrgUnitDN

Distinguished name of primary organization unit

eduPersonOrgUnitDN:postalAddress

Postal address of educational unit

eduPersonOrgUnitDN:telephoneNumber

Telephone number of organizational unit

eduPersonOrgUnitDN:norEduOrgAcronym

Acronym for the organizational unit

eduPersonOrgDN:cn

Common name of home organization

EduPersonOrgDN used in universities and university colleges and EduPersonOrgDN in primary and secondary schools.

Distinguished name of home organization

eduPersonOrgDN:norEduOrgUniqueIdentifier used in universities and university colleges and eduPersonOrgDN:norEduOrgUniqueIdentifier in primary and secondary schools.

Unique identifier of home organization

eduPersonOrgDN:telephoneNumber

Telephone number of home organization

eduPersonOrgDN:eduOrgHomePageURI

Home page of home organization

eduPersonOrgDN:norEduOrgAcronym

Acronym for the educational institution

eduPersonOrgDN:norEduOrgSchemaVersion

Version of norEdu specification of home organization

Education groups (groups-edu)

For primary, lower and upper secondary schools, this provides access to grade, basis groups, teaching groups and other groups registered in the attribute eduPersonEntitlement.

For users in higher education, this gives access to groups from the Common Student System (Felles studentsystem).

Groups in eduPersonEntitlement

For users in primary, lower and upper secondary schools, group data is registered in the eduPersonEntitlement attribute.

These are eduPersonEntitlement values starting with urn:mace:feide.no:go:grep: and urn:mace:feide.no:go:group:.

The values starting with urn:mace:feide.no:go:grep: describe the grade, education program and program area of the student. For primary and lower secondary school this contains the grade level. For upper secondary school, this contains grade level, education program and program area.

More information about GREP values in Feide can be found here.

The eduPersonEntitlement values starting with urn:mace:feide.no:go:group: contain the basis groups, teaching groups and other groups for both students and teachers in primary, lower and upper secondary schools.

Example of Group: urn:mace:feide.no:go:group:b::NO975278964:6a:2014-08-01:2015-06-15:student:Klasse%206A

More information about registration of group values in Feide can be found here.

Group entitlements from Common Student System (FS)

This is only available to services that integrate with Feide using the OpenID Connect protocol.

FS is the Common Student System (Felles studentsystem). It is a study administration system developed for universities, scientific colleges and national university colleges. FS is developed by Unit – The Norwegian Directorate for ICT and Joint Services in Higher Education and Research.

Feide has an agreement with Unit for obtaining the following group information for users in higher education: subjects, classes, years and programs.

To get this access to this group data, Uninett must enable it for your service. Send a request to kontakt@uninett.no with name of the service and why the service needs information about groups from FS.

Group members’ identifiers (groups-memberids)

Identifiers of other members of the user’s groups

This allows the service to retrieve information about teachers and students in a group, without each student having logged in beforehand.

This is only available with OIDC-configuration

To get this information in the attribute group, Uninett need to add this to the service. Send a request to kontakt@uninett.no containing the name of the service and why the service needs information about groups.

More information about receiving this information, read about the group API.

Custom prefix (userinfo-entitlement)

Custom prefixes for the eduPersonEntitlement attribute.

Not commonly used attributes

Other groups (groups-other)

Ad hoc groups from minside.dataporten.no

Date of birth (userinfo-birthdate)

Attribute name

norEduPersonBirthDate

Date of birth

feideYearOfBirth

Year of birth

Title (userinfo-title)

Attribute name

title

Title in the organization

Other phone number (userinfo-phone)

Attribute name

telephoneNumber

Telephone number

homePhone

Home telephone number

Local identity number (userid-lin)

Attribute name

norEduPersonLIN

Local identity number, i.e. student or employee number

ORCID researcher identifier (userid-orcid)

Attribute name

eduPersonOrcid

ORCID researcher identifier