Eduuni-ID is Identity and Access Management based on the user’s email address.
Using the Eduuni Services requires that you register your email address and confirm it. Additionally, Eduuni-ID registration requires your first and last name and your organisation’s name. However, you can choose the sign-in method yourself.
Trusted sign-in methods include:
- Organisation IDs if your organisation is a member of the Haka, Virtu or eduGAIN identity federation or if the organisation is using Microsoft Office 365 (Azure AD) services
- ORCID, B2ACCESS, MPASS or ELIXIR AAI -IDs
- Google, Microsoft, LinkedIn or Facebook.
When registering, the user-selected login method will be associated with Eduuni-ID. So, Eduuni users are not sent separate passwords that are easily forgotten, but everyone logs on with their own existing passwords. The user also has the option to change the login method without affecting the user’s identity or access rights.
Email registered as a Eduuni-ID will be re-verified every year. This ensures that the user is still the owner of the email address of the organisation they represent. With Haka, Virtu, and Office 365 (Azure AD) sign-in, you no longer need to explicitly confirm email address management if the information sent by the sign-in server comes with the same email address that the user has registered.
Eduuni-ID can also be used for organisations’ own services or cloud services (SaaS). Eduuni-ID has the advantage of easy email-based access control and fully self-service identity management. Eduuni-ID also allows you to supplement your Eduuni Service Packages with your own services.
Eduuni-ID decentralized model:
Eduuni-workspaces (SharePoint) allows you to grant access directly to email addresses. So sharing a site with members of a network, for example, is as easy as sending an email. Email addresses do not need to be registered Eduuni-ID identities. Later, when the user registers and validates own email address as a Eduuni-ID, user will be granted access to any of the sites that have been granted permission.
Eduuni-workspaces group management can also be extended to all other Eduuni Services, including organisations’ own services that use Eduuni-ID to log in.
Groups in Eduuni-workspaces can be published by adding a # before any group name. When group members sign in to any service that uses Eduuni-ID, group information is sent along with other login information (SAML, WS-fed.). Group information is sent in the form eg. https://tt.eduuni.fi/sites/tyotila#tyotila-members. Before the #-sign you will be told where the group is hosted and after the #-sign the name of the group will be stated.
It is also possible to grant access to the e-mail domain in services that utilize Eduuni-ID. By giving access to eg. @csc.fi, you can easily create intranet or extranet types of sites within your organisation.