
For eduroam Managed IdP, you can define the maximum number of users per institution profile.

Invite a new IdP to use eduroam CAT or eduroam Managed IdP

The button at the bottom of the page lets you send an invitation to use the toolset to an IdP in your federation. This can either be an IdP which is already in production (i.e. already listed in the official eduroam database with at least the "IdP" role) or a new institution which is still in a bootstrapping phase (i.e. not yet registered in the official eduroam database). eduroam Managed IdP institutions are not typically registered, because their realm is not determined yet; it will be set by the eduroam Managed IdP system.

After clicking the button, a window appears that lets you take the required actions:


You can either select an institution which is already listed in the eduroam database ("Existing IdP") or use the "New IdP" row to enter an institution name and NRO by hand.

In both cases, you need to enter the email address to send the invitation to. Before actually sending the invitation, keep in mind that the invitation token for the IdP admin will only be valid for 24h, and that the token can only be consumed once. It is thus wise to check that the mail address will be read within the next business day, and to remember that a token sent to a mailing list will only be valid for the first person who redeems it. It may be a good idea to use personal email addresses only.

Once you have sent an invitation, you will be taken back to the NRO management overview, which now lists the new pending invitation. You can revoke the invitation before it expires after 24h if you feel the need to.
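A model of the invitation token rules described above (24h validity, single use, revocation), added here as an example and not taken from the toolset's code. The class and method names, the hashing of stored tokens and the institution names are assumptions made for illustration.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

TOKEN_LIFETIME = timedelta(hours=24)  # validity period stated in the text


class InvitationStore:
    """Hypothetical model of pending invitations; not the toolset's own code."""

    def __init__(self):
        self._pending = {}  # sha256(token) -> (idp_name, expiry)

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked table does not reveal usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def invite(self, idp_name, now):
        token = secrets.token_urlsafe(32)
        self._pending[self._digest(token)] = (idp_name, now + TOKEN_LIFETIME)
        return token

    def revoke(self, token):
        # Revocation before expiry: returns True if an invitation was pending.
        return self._pending.pop(self._digest(token), None) is not None

    def redeem(self, token, now):
        # pop() removes the entry in the same step that reads it, so a token
        # can be consumed only once, even if it was mailed to many readers.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None  # unknown, revoked or already redeemed
        idp_name, expiry = entry
        return idp_name if now < expiry else None  # expired tokens stay deleted


def demo():
    start = datetime(2024, 1, 8, 9, 0, tzinfo=timezone.utc)  # constructed date
    store = InvitationStore()
    list_token = store.invite("Example University", start)  # sent to a mailing list
    first = store.redeem(list_token, start + timedelta(hours=2))
    second = store.redeem(list_token, start + timedelta(hours=3))
    late_token = store.invite("Example College", start)
    late = store.redeem(late_token, start + timedelta(hours=25))
    revoked_token = store.invite("Example Institute", start)
    store.revoke(revoked_token)
    revoked = store.redeem(revoked_token, start + timedelta(hours=1))
    return first, second, late, revoked
```

`demo()` shows the mailing-list case from the text: the first reader redeems the token, and the second reader, the late redeemer and the holder of a revoked token are all rejected.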


When an invitation has been redeemed, all NRO administrators of your own NRO will receive an email notification from the toolset confirming that a new IdP was created.

Add or delete representatives of existing IdPs

Once an IdP exists in the toolset (i.e. once the first invitation token for the IdP has been redeemed by an invitee), the IdP admin can add more administrators or delete others as he sees fit. You can do the same by using the "Add/Remove Administrators" link on the right side of the list of IdPs. Please consult the IdP-level guides to the respective tool of the toolset for further details of administrator management.


Take control over an IdP

In some exceptional circumstances, it may be necessary that you as the NRO operator directly manipulate an IdP in your NRO. By default, you do not get read or write access to IdP data of the IdPs which you have invited; they are expected to manage their own IdP in self-service.

...

  • an IdP admin has erroneously deleted himself and all other administrators of the IdP, so no one can manage it
  • you are deprovisioning an IdP, but the administrator(s) refuse to delete the IdP in the toolset's IdP web interface
  • the IdP admin requires assistance in setting up his IdP data, and you want to lend a hand

You can immediately add yourself as an IdP admin for each IdP in your NRO by using the "Add/Remove Administrators" dialog box. For federation administrators, the dialog box has an additional button "Take control of this IdP". By simply clicking this button, you will instantly become IdP administrator of this institution. Most notably, you do not need to send an email invitation to yourself; the process completes instantly.

...