Login providers

Using Feide, you probably want to authenticate people using your service. Through Feide you can enable several login providers. You - as a service provider - decide which login providers your service should accept.

Here you will find more information about the different login providers, how to enable them and when to enable them.

In the customer portal you can enable the following login providers for your service:

Which login providers should you enable?

You need to make sure all your users are able to log in to your service, but you should probably not enable all login providers. That will just make your users confused.

Guidelines on enabling login providers

  • When your users are students, researchers, teachers or other employees in Norwegian education: Enable Feide login.

  • If you need to identify and authenticate users outside the education sector (i.e. parents, alumni): Enable ID-porten login.

  • When your users are international students, researchers or teachers/employees: Enable eduGAIN login.

  • If your users are in the EU but not students, researchers or employees at an institution with eduGAIN you could enable eIDAS.

  • If some of your users come from outside of the education sector, and all you need is a way to recognize them and link them to a user account, you should enable guest user login. Feide provides several guest user solutions: Twitter, Facebook, LinkedIn and Feide guest users.

  • During development and test phase, you can enable Feide test users. Be sure to disable before moving on to production environment.

How to enable Feide login

If your users are students, researchers, teachers or other employees in Norwegian education, you probably want to enable Feide login. In the Feide customer portal, you can enable which organizations that get access to activate the service when editing the service.

When editing the service, you get an overview over which organizations that have activated the service under “organization” and you can give access to organization to active the service under “Access”.

Screenshot of edit service

Screenshot of edit service

When editing “Access” you can select specific organization to give access to or you can give access to all primary and lower secondary schools, upper secondary schools, universities / university colleges and/or other organizations. After making changes remember to press “Save”.

Screenshot of edit service

Screenshots of enable access to active service

How to enable enabling other login providers

When adding or editing OIDC-configuration for a service in the Feide customer portal, you can enable other login providers in addition to Feide login.

Screenshot of available login providers

Screenshot of available login providers

If you enable all login providers, this is what your users will see the first time they log in:

Screenshot of available login providers

Screenshot of enabling all login providers in Feide login window

How to enable ID-porten login

If your users are people outside of education, i.e. parents or alumni, and you still want a high security level on your logins, you should enable ID-porten login.

To enable ID-porten, the following criteria must be met:

  • The service must be registered by an organization (not a private person).

  • The organization must apply for ID-porten login by sending an email to kontakt@uninett.no. Be sure to put “ID-porten login through Feide” in the subject and with a description of why the service needs ID-porten.

  • Only enterprises in public sector and enterprises carrying out tasks on behalf of, and wholly or partly funded by, the public sector can use ID-porten. More information about ID-porten terms of use (Norwegian only).

Uninett will invoice the service providers that use the ID-porten based on their share of the total number of ID-porten logins through Feide. The cost per login varies from year to year and is not set before Feide gets invoiced by DigDir/ID-porten because of their payment model.

See the terms of use with ID-porten login.

How to enable international login through eduGAIN

If your users are international students, researchers, teachers or other employees, you should enable eduGAIN login.

eduGAIN is an international trust exchange between Identity federations mostly in Europe, but also US, Brazil, Japan and more. It allows users abroad to login to Feide services with their local accounts, with trusted identity information through eduGAIN.

The global scope of eduGAIN adds some complexity when it comes to technical compatibility, semantics of attribute release and more. Feide tries to offload these challenges from applications and adopt a flexible attribute policy that works with many providers.

This is done when adding or editing OIDC-configuration for a service in the Feide customer portal under “Allow other login methods”. For services that is integrated through Feide with OIDC, the international universities need to first activate the service Dataporten provided by Uninett before activating your service.

To enable eduGAIN login on Feide, you MUST follow these eduGAIN policies:

How to enable international login through eIDAS

If your users are in the EU but not students, researchers or employees at an institution with eduGAIN you could enable eIDAS.

eIDAS is the European federation of citizen login and trust services and is connected to ID-porten. eIDAS gives individuals in the EU and the EEA access with one electronic id, and at the overall European level means that different countries approve each other’s solutions for authentication and user access. Norway participates in eIDAS, and this is administered via the ID-porten. As of February 2020, the following countries are connected in the production environment: Belgium, Croatia, Estonia, Italy, Luxembourg and Spain.

Follow the same procedure as when enabling ID-porten above. Use the subject “eIDAS login through Feide”.

Login through social media

Not all services need to know exactly who the user is and be 100% certain about the user’s identity. These services only need to recognize the user every time he or she logs in to build a low security user profile for the user.

For these services, login through social media can be a good way to authenticate users. Feide offers login through Facebook, LinkedIn and Twitter.

If you enable one or more of these, your users will log in to your service by their Twitter, Facebook or LinkedIn account. The user ID received by the service will be the user ID from Twitter, Facebook or LinkedIn.

The user can now log in to their favorite social media account.

This is done when adding or editing OIDC-configuration for a service in the Feide customer portal under “Allow other login methods”.

How to enable login for Feide guest users

For users that don’t have a Feide account, you can enable login through the “Feide guest users” solution, also known as OpenIdP.

The “Feide guest users” solution is managed by Uninett, and is in the process of being phased out. Notice however that the solution will be replaced and users will be alerted before it is removed.

This is done when adding or editing OIDC-configuration for a service in the Feide customer portal under “Allow other login methods”.

How to enable Feide test users

During the development and test phase, you can enable login for Feide test users. This is done by checking this box for test users when adding or editing OIDC-configuration for a service in the Feide customer portal

Screenshot of enabling Feide test users

Screenshot of enabling Feide test users

Be sure to disable Feide test users before you move your service to a production environment.

To get the test users send an e-mail to kontakt@uninett.no with information about which configuration is used and what type of organization the test users should come from (Primary and lower secondary schools, upper secondary schools and/or universities/university colleges)

To check what information is registered about the user, log in to innsyn.feide.no with the test user. We have some standard test users that can be used for testing, but we can also create new test users if the service needs it for testing.