Search

Skip to end of metadata
Go to start of metadata

The UK federation is promoting a service called VerifID which allows staff and students from qualifying institutions to get discounts at various retailers. See: https://www.ukfederation.org.uk/content/Services/2020-01-07-VerifID

This page covers how to make sure you're set up to help your users get these discounts.

Prerequisites

  1. You need to be in the UK Access Management federation. Check this under Management > Connections and look in the federations section

What you need to check (or change)

Step 1

The first thing to check is your attribute release policy: Preferences > Attribute release.

Look first at the global policy at the top of the page. What you want to see there is a green square saying role with a tick. If you see that, go to step 2

If you don't see it, click on the add policy button and start typing VerifID - select it when you see it.

From the list of attributes you see, find and click on Role to turn it green and show a tick. Click on done on the policy, and then save at the top of the page.

 

or

 + 

Step 2

Next thing is to look at your permission sets. Are they assigned in a way that can tell the difference between staff and student?

 Yes, I already split my permission sets by staff and student

That's good news - you already have everything you need, and may already be set up for this.

  • List your permission sets (Resources > Permission sets)
  • For as many permission sets as it takes to cover all staff (might only need one), select it in the list to open up the details and switch to the attributes tab.
    • Look at the role - there's a drop down of choices, and if it doesn't already say staff, change it to staff.
    • Save changes and repeat as necessary
  • Do the same for students  
  • Make yourself a nice cup of tea - you're done
 I don't currently have different permission sets for staff and students

What you need to do here depends on if you are using OpenAthens accounts, or have connected a local directory. A way to tell is to go to reports.openathens.net  and look at the Accounts > Totals report. If mostly listed as 'Personal' then you're using OpenAthens accounts. If they're mostly listed as a name your IT guys might have come up with, then you're using local accounts.

In both cases you'll need to add two permission sets (Resources > Permission sets > Add), one for staff, one for students, and on the attributes tab of both select the appropriate role.

 

 I'm using OpenAthens accounts
I can tell staff and student apart by group, or other factor such as Email

If your staff are in a group...

  1. Accounts > List
  2. From the group button, select the group that represents staff (if you have multiple groups, you may have to repeat this)
  3. Use the select all option (to the far left of the group button)
  4. From the actions button that has appeared, select the allocate permission sets option
  5. Tick your staff permission set and then allocate

  

Then repeat for students (do staff first because they are usually the smaller group and it leaves you 'everything else' for student)

If your staff have other distinguishing features, use search. This example assumes staff have a slightly different email domain:

  1. Click on 'Advanced' next to the search box at the top of the page
  2. Set the options as
    1. Live accounts
    2. Include all three types of accounts
    3. me and all my sub-organisations
    4. Only show results where...
  3. It's at this point you pick your distinguishing attribute or attributes. Let's assume for this example that student emails are all something@institution.ac.uk and staff are all something@staff.inst.ac.uk. For this you would chosse where Email address matches staff.inst.ac.uk
  4. From the result list, select all and then use the actions button to assign your staff permission set as above

 

Then do similar for the students (e.g. search for institution.ac.uk, or -staff.inst.ac.uk). 

I can't tell staff and student apart by any existing means

You will need to identify one of the two groups manually and add them to a group (a group because they can only be in 1 group, and there's a 'not in a group' option to identify the others)

For each staff account, either open up the details, go to the account tab and use the group button at the top of the page... or select them in the list and use the actions menu. Once you've identified all staff this way you can use the group method above.

 I'm using a local directory
I can tell staff and student apart by some factor

Use this information to assign the staff or student permission sets as covered in Permission set rules.

I can't tell staff and student apart at the moment

You'll need to speak to your IT guys to find out which user attribute or claim can do this, then have them identify it to you and ensure it is available to you. Then you can proceed as above.

What to do if I'm stuck...

If a nice cup of tea hasn't helped, our service desk will be able to. 

  • No labels