Skip to Content

Edugate FAQ

 

  • I'm the IT manager for my institution, what services will my users have access to through Edugate?

You can use Edugate to provide Single-Sign-On (SSO) to Edugate participating services, your own internal services and services other external services. Some services require a subscription with the provider.

  • As a service provider, do I still have to provision user accounts in advance?

In most cases, no, as many services support account provisioning on-the-fly (or 'just-in-time provisioning'). Provisioning on-the-fly creates accounts using the incoming user data provided by the institution when the user logs in. Only where the incoming data does not provide sufficient detail should bulk account provisioning still be necessary. Edugate can provide user, institution and role data that can be used to provision accounts on-the-fly.

  • Must I be a member of Edugate to use federated access?

No, you can agree bilateral or multi-lateral federated access agreements with organisations you trust outside of any federation. However, this approach will become unmanageable once the number of applications begins to increase and will result increased effort for your organisation.

  • Can I be a member of more than one federation?

Yes, however, being a member of more than one federation will increase the effort required to manage your federation software. It is recommended that institutions should first check if the federation you are a member of has any plans to join an interfederation scheme (such as that provided by eduGAIN) before joining a second federation.

  • Can I use Edugate within my organisation? 

Yes, Edugate can be used to deliver SSO within the organisation. Organisations that use Edugate internally as their SSO solution or use similar federated access without being a member Edugate. Using Edugate internally can enable applications to share user data between applications while at the same time reusing the same credentials and sessions. Access control decisions can be easily defined to allow easy selection of which applications are open to external access by other federation members users.

  • Can I replace my existing SSO solution with Edugate?

Yes, as explained above Edugate can provide internal SSO to your users. However, there may still be specific cases where your existing SSO solution may be a better fit than federated applications. Organisations who wish to replace their existing SSO solution with Edugate should plan an application-by-application migration strategy and use the same user repository for SSO and Edugate.

  • Can I integrate Edugate with my existing SSO solution? 

Yes, in fact some SSO products (such as CA Siteminder, Tivoli Access Manager and Sun Access Manager) can be easily integrated with Edugate, others can be integrated using the SSO solutions API and a certain amount of customisation. In either case there are there are two integration possibilities to integrate Edugate with your SSO solution. Firstly, as a service provider (SP) you should create an access control rule (ACL)in your SSO solution for external users who will access the applications you decide should be accessible externally. Your federated access software should request external users to authenticate using the home credentials and then authorise the user based on the users attributes, when this has been successful your SSO solution should then issue a SSO session token or cookie (using the ACL described above) that can then be reused on any SSO protected application. Getting your SSO solution to trust an Edugate session may be trivial or difficult depending on your SSO solution, but the benefit of not having to retrofit Edugate to all of your SSO enabled applications will make any effort worth it. The second option is to make your SSO authentication system issue an Edugate session so that when your users visit other organisations protected resources they are not prompted to authenticate. Again, the degree of integration effort will vary, but the benefit here is that your users experience a seamless login to external resources and will need to familiarise themselves with the SSO login screen only. A variant of this solution is to use the same user repository for Edugate that your SSO solution uses, but this will more than likely mean that the user will be prompted for login on a screen different to your current SSO solution.

  • Can I use Edugate in parallel with my SSO solution?

Yes, rather than integrating your SSO and Edugate as described above, you can run both solutions in parallel. You should use Edugate with applications that will be accessed internally and externally and use SSO on applications that will be used internally only. Another consideration is your applications native support for SSO or federated access, applications that will be accessed internally only may offer better native support for Edugate than SSO, in these cases you should choose to use federated access over SSO (in other words if your SSO solution requires you to significantly customise your application you should investigate how much customisation is needed for Edugate before deciding).

  • Which of my campus resources should I enable Edugate access to? 

You should enable Edugate on any of your resources that will be accessed by users who belong to another organisation and if the service is hosted off-campus and requires user authentication.

  • If authorisation to resources is based on user attributes, does that mean I will have to modify the schema of our student repository?

In almost all cases, the answer is 'No'. Most federated access software allows identity providers to map attribute names from the schema of the user repository to the federation schema, this mapping can be as simple as a one to one mapping or more complex. Where mapping is not possible, the existing campus schema can be extended rather than amended to support the Edugate schema. 

  • The Edugate schema does not contain enough data to fit my needs, what options do I have?

There are two options, you can agree to extend the schema with the co-operation of selected Edugate identity providers or your can synchronise the missing data outside of Edugate (Edugate can still be used for Single-Sign-On purposes).

  • Users at our institution have a frequently used faculty credentials and less frequently used institution credentials, which should credentials should we use for our Identity Provider?

Firstly, you should consider using Edugate or SSO internally to help you consolidate on a single user repository. If this is not feasible, you should have two choices, you can either use the single institutional repository or configure your identity provider software to query all your faculty repositories. Using multiple repositories is a practical option when there is no overlap on user id's between repositories, otherwise it becomes difficult to define queries to simulate uniqueness.

Who is Edugate for?

Edugate provides a single access mechanism that can enable access to online resources supporting alliances, research collaboration, consortia and shared services. Now users can use the credentials issued by their institution to access Edugate enabled web-sites and benefit from a personalised and persistent experience, with privacy features that put the user in control.

Enable users to use the campus directory credential to access Edugate enabled web sites beyond the campus boundary from anywhere, whilst protecting the campus directory from unnecessary searches and the user credentials from use on web sites beyond your control. 
 

Your patrons are individuals, not IP Addresses!
 
Enable publishers to provide users with a consistent and personalised experience regardless of their location or the device they are using.
Improve the end-user experience by providing Single-Sign-On and reducing the frequency of prompts for campus credentials.
Connect your patrons to your subscribed resources, regardless of where the user performs their search.

Restrict access to your club or society web-site to valid campus users without needing the campus IT department to provide you with access to the entire campus user database.
For student unions, Edugate enables online elections that can authenticate all students currently enrolled without needing to expose campus credentials or personal information.

Example: UL Students Union

Provide your suppliers with a means to interact with all campus members. Whether its parking management, physical access management, catering or sports facilities, Edugate can provide a secure means to validate staff and student status. Access cards or tokens can be issued online in a self-service manner, removing the some, if not all, of the paperwork.

Example: Apcoa Parking Management

When establishing any online service that will be used by multiple institutions, Edugate will provide a means to authorise access to the service by user, role or institution without having to issue usernames/passwords or other credentials to the users of the service.
Most research projects are collaborations and when it comes to hosting collaborative tools or sharing documents and data, Edugate enables the hosting partner to seamlessly grant access to the project content.

Example: NDLR Repository
Example: HEAR and DARE

Campus IT managers and IT security officers are increasingly reluctant to synchronise user credentials or open up campus directory services to applications that are hosted in the cloud. Even locally hosted managed applications that require the campus credential to be processed by the application present a security risk. Edugate is built on the open SAML federated access standard that is used in the financial services, aerospace and governmant eID and provides Single-Sign-On without the risks.

e-Government
Whether it's a central or local government service that needs to validate that a student is a current student, Edugate can open up the potential for numerous e-Government services for students (e.g. Grants and Tax Credits)

e-Commerce
When offering a student discount online, relying on a campus email address leaves the offer open to abuse since many institutions offer 'email for life'. Edugate will allow you to know if a customer is a current student and which institution the customer is affiliated to.