
Best practice checklist


  1. IDP login and error page should be customised.

  2. IDP Status URL should be monitored by HEAnet

  3. IDP should publish authentication statistics for Cacti and Raptor.

  4. IDP should have a persistentID database (see the instructions for Windows or Unix) and be capable of providing NameIDs in the persistent and transient formats.

  5. IDP should have uApprove or other consent module (see the uApprove installation guide)

  6. IDP should re-publish its latest copy of the federation metadata to a URL

  7. IDP should publish its own metadata to a URL

  8. IDP should download metadata every 20 minutes

  9. IDP should refresh the following configuration every 20 minutes:

    1. remotely hosted attribute-filter.xml

    2. locally hosted attribute-resolver.xml (to avoid restarts)

  10. IDP Operator should integrate IDP monitoring as follows:

    1. LDAP connection

    2. DB connection

    3. IDP Status URLs

    4. Diskspace

    5. Access to

    6. IDP SSL certificate expiry

  11. IDP should handle connection timeouts to DB and LDAP gracefully and failover to 2nd LDAP or DB.

  12. IDP should narrow LDAP search to required attributes only

  13. IDP should produce eduPersonScopedAffiliations for at least staff and student rather than the single value of member. Alumni and affiliate values should also be produced. See Mapping the local schema to the Edugate schema

  14. RollingFileAppender should use .gz compression
  15. logging.xml should enable PROTOCOL_MESSAGE debug level.
  16. Logout should be supported
  17. Login page should render on mobile devices and show MDUI (Service provider logo, name and description)
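
An added example for item 13 (not part of the original checklist or of any Edugate or Shibboleth configuration): a sketch of the mapping logic in Python, where the local role names and the scope `example.ie` are constructed assumptions. It emits `member` only alongside affiliations that imply membership, so `alum` and `affiliate` never make a user look like current staff or a current student.

```python
import re

# Constructed local role values (assumption: the directory stores a role
# string per user); the right-hand side is the eduPerson vocabulary.
LOCAL_TO_AFFILIATION = {
    "academic": "faculty",
    "staff": "staff",
    "undergrad": "student",
    "postgrad": "student",
    "graduate-alumni": "alum",
    "contractor": "affiliate",
}

# In eduPerson, these affiliations imply "member"; alum and affiliate do not.
IMPLIES_MEMBER = {"faculty", "staff", "student", "employee"}

# A scope is a DNS-style label string; "@" or whitespace must never appear.
SCOPE_RE = re.compile(r"^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$")


def scoped_affiliations(local_roles, scope):
    """Return sorted eduPersonScopedAffiliation values for one user."""
    scope = scope.strip().lower()
    if not SCOPE_RE.match(scope):
        raise ValueError(f"invalid scope: {scope!r}")

    affiliations = set()
    for role in local_roles:
        value = LOCAL_TO_AFFILIATION.get(role.strip().lower())
        if value is not None:  # unknown local roles release nothing
            affiliations.add(value)

    # Add "member" alongside the specific value, never instead of it.
    if affiliations & IMPLIES_MEMBER:
        affiliations.add("member")

    return sorted(f"{a}@{scope}" for a in affiliations)


if __name__ == "__main__":
    samples = (["staff"], ["postgrad", "staff"],
               ["graduate-alumni"], ["contractor", "cleaner"])
    for roles in samples:
        print(roles, "->", scoped_affiliations(roles, "example.ie"))
```
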


Who is Edugate for?

Edugate provides a single access mechanism that can enable access to online resources supporting alliances, research collaboration, consortia and shared services. Now users can use the credentials issued by their institution to access Edugate enabled web-sites and benefit from a personalised and persistent experience, with privacy features that put the user in control.

Enable users to use the campus directory credential to access Edugate enabled web sites beyond the campus boundary from anywhere, whilst protecting the campus directory from unnecessary searches and the user credentials from use on web sites beyond your control. 

Your patrons are individuals, not IP Addresses!
Enable publishers to provide users with a consistent and personalised experience regardless of their location or the device they are using.
Improve the end-user experience by providing Single-Sign-On and reducing the frequency of prompts for campus credentials.
Connect your patrons to your subscribed resources, regardless of where the user performs their search.

Restrict access to your club or society web-site to valid campus users without needing the campus IT department to provide you with access to the entire campus user database.
For student unions, Edugate enables online elections that can authenticate all students currently enrolled without needing to expose campus credentials or personal information.

Example: UL Students Union

Provide your suppliers with a means to interact with all campus members. Whether it's parking management, physical access management, catering or sports facilities, Edugate can provide a secure means to validate staff and student status. Access cards or tokens can be issued online in a self-service manner, removing some, if not all, of the paperwork.

Example: Apcoa Parking Management

When establishing any online service that will be used by multiple institutions, Edugate will provide a means to authorise access to the service by user, role or institution without having to issue usernames/passwords or other credentials to the users of the service.
Most research projects are collaborations and when it comes to hosting collaborative tools or sharing documents and data, Edugate enables the hosting partner to seamlessly grant access to the project content.

Example: NDLR Repository
Example: HEAR and DARE

Campus IT managers and IT security officers are increasingly reluctant to synchronise user credentials or open up campus directory services to applications that are hosted in the cloud. Even locally hosted managed applications that require the campus credential to be processed by the application present a security risk. Edugate is built on the open SAML federated access standard that is used in financial services, aerospace and government eID, and provides Single-Sign-On without the risks.

Whether it's a central or local government service that needs to validate that a student is a current student, Edugate can open up the potential for numerous e-Government services for students (e.g. Grants and Tax Credits).

When offering a student discount online, relying on a campus email address leaves the offer open to abuse since many institutions offer 'email for life'. Edugate will allow you to know if a customer is a current student and which institution the customer is affiliated to.