User accounts

From the login point of view there are two different user accounts:

You can link an existing local account with a federated account so that the user can use both login options equally. To do so, set the access type of the local account to “local and federated” and make sure that the username of the local account is the same as the ePPN (eduPersonPrincipalName) of the user’s federated account.

User privileges

There are 3 different user roles:

Login

  1. On the application home page, press the "Log in" button at the top-right corner of the screen.
  2. Choose between login with your local account and login via federated access.

Local account

Create a new user

As a Federation operator do the following:

  1. Navigate to the top menu “Administration/Users” and press “Add user” button.
  2. As the username, enter the eduPersonPrincipalName of that user (username@domain).
  3. Enter the user’s real email address so that they can keep track of the email notifications from the application.
  4. Choose the access type between “only local authentication”, “only federated access” and “local and federated”.
  5. Choose a strong password. This can be changed later on by the user.
  6. Enter user’s First and Last name.
  7. Press "Register user" button.
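
The linking rule from "User accounts" and the username and access type choices in the steps above can be checked over a list of accounts before users hit a failed login. The following is an added example, not code from the application: the record format and sample accounts are constructed, and the ePPN shape and exact-match comparison are assumptions.

```python
import re

# Access types exactly as named in step 4 of "Create a new user".
LOCAL_ONLY = "only local authentication"
FED_ONLY = "only federated access"
BOTH = "local and federated"

# Assumption: an ePPN looks like user@scope (one "@", no whitespace, dotted scope).
EPPN_RE = re.compile(r"[^@\s]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def is_eppn(value):
    return EPPN_RE.fullmatch(value) is not None


def can_link(account, asserted_eppn):
    """True if a federated login asserting this ePPN maps onto the local
    account with both login options, per the rule in "User accounts"."""
    return (account["access_type"] == BOTH
            and is_eppn(asserted_eppn)
            and account["username"] == asserted_eppn)  # assumption: exact match


def audit(accounts):
    """Return (username, finding) pairs for records that break the rule."""
    findings = []
    for acc in accounts:
        name, access = acc["username"], acc["access_type"]
        if access not in (LOCAL_ONLY, FED_ONLY, BOTH):
            findings.append((name, "unknown access type"))
        elif access != LOCAL_ONLY and not is_eppn(name):
            findings.append((name, "federated login enabled but username is not an ePPN"))
    return findings


# Constructed sample records (hypothetical export format, not the application's).
ACCOUNTS = [
    {"username": "alice@example.org", "access_type": BOTH},
    {"username": "bob", "access_type": BOTH},
    {"username": "carol@example.org", "access_type": LOCAL_ONLY},
    {"username": "dave@example.org", "access_type": "federated"},
]

if __name__ == "__main__":
    for name, finding in audit(ACCOUNTS):
        print(f"{name}: {finding}")
    print(can_link(ACCOUNTS[0], "alice@example.org"))
```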

Edit user account

The Federation operator has full privileges and can therefore change passwords and user roles, and add user notifications, for all registered users. To do so, navigate to the top menu “Administration/Users” as a Federation operator and choose the user you want to edit from the list of all registered users by clicking on that user’s username.

As an IdP/SP owner or a user with the guest role, you can edit your own account (change your password, email, first name and last name), but you cannot change your roles and access type. To change your password, navigate to the “My Profile” menu and follow the “Change user password” procedure. To add an email notification to your account, navigate to “My notifications” and follow the “Add notification to user” procedure from step 2.

Delete user

Only the Federation operator can delete a user from the system. To delete a user, do the following as a Federation operator:

  1. Navigate to the top menu “Administration/Users”.
  2. Click on the trash can icon in the “Action” column for the user you want to delete.
  3. To confirm your choice, type the username of the user you want to delete and press “Remove user” button.

Note: You cannot remove a user account with the Administrator role, so in order to remove such a user you need to change its role first.

Identity Provider/Service Provider

Identity Provider/Service Provider registration

As an Identity Provider/Service Provider owner do the following:

  1. Navigate to top menu “Register/Identity Provider” or “Register/Service Provider”.
  2. Paste the XML metadata of the entity in the “Metadata” text box and press "Next" button. This will parse the metadata file and populate some information in the appropriate fields.
  3. Revise the already existing data. The minimal data that the registry application requires for any Identity Provider/Service Provider consists of:

Identity Provider/Service Provider management

As an Identity Provider/Service Provider owner, navigate to the top menu “Identity Provider”/“Service Provider”, click on the registered entity and go to the “Management” tab. Here you can switch between enabled/disabled and unlocked/locked status, remove the entity, set the user rights and add registration policies for the entity.

Note: In order for you to be able to manage your Identity Provider as an Identity Provider owner, the Federation operator needs to add privileges to the Identity Provider owner by following the steps for User rights management.

Joining the federation

Federation membership is managed in the Identity Provider/Service Provider “Membership” tab. As an entity owner, go through the following steps in order to join your entity to the federation:

  1. Navigate to top menu “Identity Providers”/“Service Providers”.
  2. Choose the entity that you want to join to the federation.
  3. Click on the button “Manage membership (joining)” in the “Membership” tab.
  4. Pick the federation you want to join from the drop-down list and fill in the “Message” that will be presented to the Federation operator who has to approve the registration.
  5. Press “Apply” button.

Federation

Each FaaS instance comes with two already registered federations:

As a Federation operator, you can view federation data by choosing one of the federations in the "Federations" top menu.