How to join the UK Access Management federation
If you are a UK based education organisation you may want to join the UK education specific 'UK Access Management federation for Education and Research' (sometimes called the UK fed).
The first thing to do is check if you have UK fed enabled in OpenAthens and have our service desk enable it if not. To check you access the administration area and go to Management > Connections. Look for entry in the federations section. You will need to reference these details later.
If there is no existing registration appearing here our service desk can quickly add the details for you. Your 'scope' will be the same across all federations but your entityID can be different in the UK fed if you need it to match an existing entity - e.g. if you were upgrading from Shibboleth. If you do not specify an entityID, our service desk will duplicate your OpenAthens federation entityID (recommended).
Now you are ready to register with the UK fed.
Their website should be your source of details for the process:
- https://ukfederation.org.uk/content/Documents/ApplyforMembership
- https://www.ukfederation.org.uk/content/Documents/RegisterOAIdP
The relevant bits of information about us that you will need to tell them from the 'RegisterOtherIdP' pages are below. This may be all you need if you are already a member.
Prerequisites section
Most of this section is not applicable. The part that is important is that you control the entityID and scopes associated with your organisation and what that comes down to is the domain name that is being used for your entityID and scope - e.g. the "institution.ac.uk" part of "https://idp.institution.ac.uk/openathens" is owned by you. This should have been checked by us when you joined, but you should confirm.
Registration procedure section
Management contact
This is the person they will want to deal with and accept future requests from. If it's not going to be you, pick someone who will recognise what any email from them is about.
Everything else
Tell them you're using OpenAthens
Information required for registration section
The entityID
Use the entityID displayed in your administration area as described above. E.g. https://idp.institution.ac.uk/openathens
Scopes
Use the scope displayed in your administration area as described above. E.g. institution.ac.uk
Visibility
Say yes, unless you are registering a new entity as part of upgrading from Shibboleth or similar in which case you might want your new registration to initially not be visible. They can change them over later.
User accountability
If you say 'yes', you should ensure that the auto delete function is set longer than three months and that users will be promptly expired when they leave. If you have local policies that conflict with that you can say 'no', but some resources could refuse access.
Software
Optional. You can say "OpenAthens". You won't need to specify versions or types as there is only one.
Logo
Optional. If you want to specify one, first make sure you have uploaded one under Preferences > Domain. You will need to do this if you're going to be using the student voter registration service.
Organisation display name
Probably the same as you've told us
Organisation URL
Your website's homepage
Contacts - support, technical and administrative - should all be:
"OpenAthens Service Desk - help@openathens.net"
Automatically generated metadata
In most cases, this will be in the form:
https://login.openathens.net/saml/2/metadata-idp/DOMAIN
... where domain is your OpenAthens domain, usually the same as your scope. See: How to access your login.openathens.net metadata
If you need to have a different entityID in the UK Access Management federation from the one you have in the OpenAthens federation then you will need to add /c/ukfed to the end of the metadata address - examples:
For most users: https://login.openathens.net/saml/2/metadata-idp/peckhamtraders.com
UK fed specific entityID: https://login.openathens.net/saml/2/metadata-idp/peckhamtraders.com/c/ukfed
If you're not sure, use the longer version.