What is the EWP Admin role?
The EWP Admin role (Erasmus Without Paper Administrator role) has been defined to enable authorised representatives of Higher Education Institutions (HEIs) participating in Erasmus+ activities to login in a federated manner to EWP tools to manage their EWP information and settings.
The EWP Admin is encoded as a SAML2 attribute named eduPersonEntitlement (urn:oid:1.3.6.1.4.1.5923.1.1.1.7), assigned by the HEI participating in the Erasmus+ to the staff members that need to access the EWP network management tools (such as EWP Registration Portal, etc.).
The EWP Admin role is transported via eduGAIN, upon successful authentication of the entitled staff.
EWP Admin Role Specification
For HEIs/Identity Providers
HEIs supporting the EWP Admin role should release this information for the appropriate staff members in the SAML2 Assertions issued by their Identity Provider to MyAcademicID as an eduPersonEntitlement attribute with the following value:
urn:geant:erasmuswithoutpaper.eu:ewp:admin
For more information about the full list of attributes expected from Identity Providers, read Attributes required from Higher Education Institutions
For EWP Service Providers
EWP Services requiring the EWP Admin role, they will receive it from MyAcademicID either as a SAML2 attribute named eduPersonEntitlement (urn:oid:1.3.6.1.4.1.5923.1.1.1.7) or an OpenID Connect claim named entitlement with the following value:
urn:geant:myacademicid.org:<sHO>:ewp:admin
<sHO> is the Higher Education Institution's schacHomeOrganization value.
Ex: urn:geant:myacademicid.org:geant.org:ewp:admin