Using Dataporten, you probably want to authenticate people using your service. Through Dataporten you can enable several login providers. You - as a service provider - decide which login providers your service should accept.
Here you will find more information about the different login providers, how to enable them and when to enable them.
In Dataporten Dashboard you can enable the following login providers for your service:
- International education login, eduGAIN
- Social media login
- Feide guest users
- Feide test users (for test purposes only)
Which login providers should you enable?
You need to make sure all your users are able to log in to your service, but you should probably not enable all login providers. That will just make your users confused.
Guidelines on enabling login providers
- When your users are students, researchers, teachers or other employees in Norwegian education: Enable Feide login.
- If you need to identify and authenticate users outside the education sector (i.e. parents, alumni): Enable ID-porten login.
- When your users are international students, researchers or teachers/employees: Enable eduGAIN login.
- If some of your users come from outside of the education sector, and all you need is a way to recognize them and link them to a user account, you should enable guest user login. Dataporten provides several guest user solutions: Twitter, Facebook, LinkedIn and Feide guest users.
- During development and test phase, you can enable Feide test users. Be sure to disable before moving on to production environment.
Enabling login providers in Dashboard
When registering your service in the Dataporten Dashboard, you will enable login providers on the page "Login providers":
If you enable all login providers, this is what your users will see the first time they log in:
How to enable Feide login
If your users are students, researchers, teachers or other employees in Norwegian education, you probably want to enable Feide login. In Dashboard, you will enable "Utdanningssektoren". Be sure not to mix up with "Feide gjestebrukere" or "Feide testbrukere".
If your service should accept logins only from primary schools, secondary schools or higher education, or just specific schools, you will configure this as well in Dashboard:
This will allow logins from Høgskulen i Volda, Lovisenberg diakonale høgskole and Dronning Mauds Minne Høgskole only.
How to enable ID-porten login
If your users are people outside of education, i.e. parents or alumni, and you still want a high security level on your logins, you should enable ID-porten login:
- The service has to be registered by an organization (not a private person).
- The organization has to apply for ID-porten login by sending an email to firstname.lastname@example.org. Be sure to put "ID-porten login through Dataporten" in the subject.
How to enable international login through eduGAIN
If your users are international students, researchers, teachers or other employees, you should enable eduGAIN login.
eduGAIN is an international trust exchange between Identity federations mostly in Europe, but also US, Brazil, Japan and more. It allows users abroad to login to Dataporten services with their local accounts, with trusted identity information through eduGAIN.
The global scope of eduGAIN adds some complexity when it comes to technical compatibilty, semantics of attribute release and more. Dataporten tries to offload these challenges from applications and adopt a flexibly attribute policy that works with many providers.
If would have users from foreign univerities that are connected to eduGAIN, you may help us test, verify and configure these users to properly connect through eduGAIN. Contact us email@example.com to get more information.
To enable eduGAIN login on Dataporten, you MUST follow these eduGAIN polciies:
Login through social media
Not all services need to know exactly who the user is and be 100% certain about the user's identity. These services only need to recognize the user every time he or she logs in to build some kind of user profile for the user.
For these services, login through social media can be a good way to authenticate users. Dataporten offers login through Facebook, LinkedIn and Twitter.
If you enable one or more of these, your users will log in to your service by his/her Twitter, Facebook or LinkedIn account. The user ID received by the service, will be the user ID from Twitter, Facebook or LinkedIn.
You can enable login through all social media:
The user can now log in by his/her favourite social media account.
Enable Twitter login
Enable Facebook login
Enable LinkedIn login
How to enable login for Feide guest users
For users that don't have a Feide account, you can enable login through the "Feide guest users" solution, also known as OpenIdP.
How to enable Feide test users
During the development and test phase, you can enable login for Feide test users: