The first thing to do is check if you have UK fed enabled in OpenAthens and have our service desk enable it if not. To check: access the administration area and go to Management > Connections. Look for entry in the federations section in the top left and keep the page open so you can reference the . You will need to reference these details later.
PLACEHOLDER - SCREENSHOT
If there is no existing registration our service desk can quickly add one. Your 'scope' must will be the same across all federations but your entityID can be different in the UK fed if you need it to match an existing entity - e.g. if you are were upgrading from Shibboleth. If you do not specify an entityID, our service desk will duplicate your OpenAthens federation entityID (recommended).
Their website should be your source of details for the process:
The relevant bits of information about us that you will need to tell them about your 'outsourced IdP'from the 'RegisterOtherIdP' pages are below. This may be all you need if you are already a member.
The name of the external organisation providing the outsourcing service.
Most of this section is not applicable. The part that is important is that you control the entityID and scopes associated with your organisation and what that comes down to is the domain name that is being used for your entityID and scope - e.g. institution.ac.uk in https://idp.institution.ac.uk/openathens is owned by you. This should have been checked by us when you joined, but you should confirm.
Registration procedure section
This is the person they will want to deal with and accept future requests from. If it's not going to be you, pick someone who will recognise what any email from them is about.
Tell them you're using OpenAthens
Information required for registration section
Use the entityID displayed in your administration area for the UK fed as described above. E.g.
If the domain name contained within the entityID belongs to the applicant rather than to the external organisation, an explicit statement by the applicant approving the use of the entityID by the external organisation.
"I want Eduserv to manage this entity on my behalf."
Any identifier assigned to the applicant by the external organisation.
Repeat your entityID here.
A contact person (name and email address) within the external organisation.
"OpenAthens Service Desk - firstname.lastname@example.org"
The security domain(s) that the applicant grants authorisation to the external organisation to assert on its behalf. This normally corresponds to the applicant's registered DNS domain(s). This should be specified in lower case.
If you are a single organisation, use the scope displayed in your administration area for the UK fed as described above. E.g.
If you are a consortia organisation, or have organisational units that will need to be identified as different to service providers, or may have later, or if you are unsure, add a wildcard to your scope. E.g.
They do not ask for this, but it would be helpful to include your metadata address which for them will be
Use teh scope displayed in your administration area as described above. E.g.
Say yes, unless you are registering a new entity as part of upgrading from Shibboleth or similar
If you say 'yes', you should ensure that the auto delete function is set longer than three months and that users will be promptly expired when they leave. If you have local policies that conflict with that you can say 'no'.
Optional. You can say "OpenAthens". You won't need to specify versions or types as there is only one.
Optional. If you want to specify one, first make sure you have uploaded one under Preferences > Domain. You will need to do this if you're going to be using the student voter registration service.
You will need to know your OpenAthens domain (usually the same as your scope) and your organisation number. Both can be seen on the Organisations page (
Once you've filled them in, test the link - e.g. https://login.openathens.net/images/peckhamtraders.com/o/68420974/fullsize.png
Organisation display name
Probably the same as you've told us
Your website's homepage
Contacts - support, technical and administrative - should all be:
"OpenAthens Service Desk - email@example.com"
Automatically generated metadata
This will be in the form:
where ' domain ' is your OpenAthens domain (, usually the same as your scope). If you are unsure, our service desk can help. . See: How to access your login.openathens.net metadata
(This is slightly different from the metadata address you would use for a custom SAML application. as it includes a UK federation specific context)