How to manage access to service through Feide

If your users are students, researchers, teachers or other employees in Norwegian education, you probably want to enable Feide login. All public universities/colleges and primary schools, and several private primary schools use Feide today. You can find an overview of organizations that use Feide here .

Does your service need to identify and authenticate international users or people outside the education? When using OpenID Connect, a service can enable other login providers in addition to Feide. This is done under the “configuration” tab. More information about login provider is available at OIDC configuration.

You enable which organizations or individual schools that get access to activate your service under the tab “Host organization”.

If the service is published, the organizations have access to activate the service. Each individual organization must actively choose to activate the service. Feide activation is opt-in, meaning you as a service provider can only give access to the organization. They in turn have the responsibility of activating the service before login becomes available to their users.

Feide administrators at the host organizations can activate the service in Feide’s customer portal. There they can search for the service by: name, description, or name of its service provider. Only after the service has been activated by the organization can users login to the service by selecting their organization in the Feide login to the service.

How to give access to a service for the whole host organization

The host organization is the school owner in primary and secondary education, i.e., the municipality or county municipality. If you give access to a municipality or county municipality, it will be given to all their schools.

Choosing which host organizations have access to activate the service is done in the customer portal under the “Host organization” tab when editing the service. You will also get an overview of which organizations/schools you have given access in addition to those who have activated the service.

Click on “Edit activation access” to give access to an organization to activate the service

../../../_images/school8.png

When editing access, you can select specific host organizations to give access to or you can give access to all primary and lower secondary schools, upper secondary schools, universities / university colleges and/or other organizations.

Screenshot of enabling access to activate service

After making changes remember to press “Save”.

How to give access to a service for individual schools

Note

A limited selection of services are participating in testing our new functionality and can restrict access to individual schools at the host organization. If you are not participating in the pilot but wish to try it out before it goes into production, send an email to kontakt@sikt.no.

Choose which host organizations or individual schools will have access to activate the service in the customer portal under the “Host organization” tab when editing the service.

You get an overview of which organizations have been given access to activate the service in the column “Given access” and have activated the service in the “Activated” column.

To see the names of the schools that have been given access or are activated the service, you need to edit activation access.

You enable which organizations that get access to activate the service by clicking on “Edit activation access” in the right top corner of the page.

../../../_images/school10.png

When editing which organization that get access to the service you get an overview of all the organizations that you can give access to.

The organizations that have been given access are marked with an icon on the left side of the organization name. The icon is a figure of an organization structure to illustrate if the whole organization has access to the service or if part of the organization has access. If the whole figure is filled, the whole organization has access. If one of the boxes in the icon is filled, access has been given for individual schools.

You can filter this view by type of organization: Primary and lower secondary schools, Upper secondary schools, Universities and university colleges or Other. “Other” are organizations like museums, research institutes, government bodies or student associations.

If you want to give access to a specific organization or school, you can use the search field to find the organization. You can search for name and organization number both for the organization that is the school owner and the organization units that are the schools.

When giving access, click on the organization and then select if the entire organization gets access or individual units/schools.

../../../_images/school11.png

When you select an organization, it gets added to the access view at the right.

There you get an overview of which organizations you have selected to give access to. Access will not be given until you save the changes. This is done by clicking “Save” at the bottom of the page. If you leave the page or click “Cancel”, the selected organizations will not get access to activate the service.

../../../_images/school12.png

By giving access to “Entire host-organization including future units/schools,” you give access to activate the service to the entire organization, including possible future units/schools.

../../../_images/school13.png

By giving access to “Individual units/schools,” you can select which schools in the municipality or county municipality to give access to.

Warning

If the service only has given access to individual school at a host organization that is not participating in the pilot for the new functionality, they will not get access to activate the service at all. They either need to join the pilot or the service must be activated for the entire organization.

../../../_images/school14.png

Note that this does not include users that are not registered under any units/schools. Users who are not registered under any units/schools typically work in central IT at the organization.

To save the changes, click the “Save”-button at the bottom of the page.

How to remove access for organizations

Services can remove access for organizations that have prior been given access but has not activated the service.

../../../_images/school15.png

This is done in the customer portal under the “Host organization” tab when editing the service, by clicking on “Edit activation access” in the right top corner of the page.

../../../_images/school20.png

Find the organization you want to remove access for. All the organizations that have been given access are at the bottom of the list, but you can use the search field to search after a specific organization or school.

Click on the name of the organization to get the access options.

If you want to remove access for the whole host organization, select “No access”

../../../_images/school21.png

If you only want to remove access to specific school(s) at the host organization, select “individual unit / schools” and remove the checkmark for the school(s) you want to remove access for.

../../../_images/school22.png

If the host organization has activated the service, you will get the following error message: “disabled because organization is activated”. This is because you can’t remove access to a service that the organization already activated.

If you want the host organization not to use your service, they need to deactivate the service first and then you can remove the access.