Login providers

Using Dataporten, you probably want to authenticate people using your service. Through Dataporten you can enable several login providers. You - as a service provider - decide which login providers your service should accept.

Here you will find more information about the different login providers, how to enable them and when to enable them.

In Dataporten Dashboard you can enable the following login providers for your service:

Which login providers should you enable?

You need to make sure all your users are able to log in to your service, but you should probably not enable all login providers. That will just make your users confused.

Guidelines on enabling login providers

  • When your users are students, researchers, teachers or other employees in Norwegian education: Enable Feide login.
  • If you need to identify and authenticate users outside the education sector (i.e. parents, alumni): Enable ID-porten login.
  • When your users are international students, researchers or teachers/employees: Enable eduGAIN login.
  • If some of your users come from outside of the education sector, and all you need is a way to recognize them and link them to a user account, you should enable guest user login. Dataporten provides several guest user solutions: Twitter, Facebook, LinkedIn and Feide guest users.
  • During development and test phase, you can enable Feide test users. Be sure to disable before moving on to production environment.

Enabling login providers in Dashboard

When registering your service in the Dataporten Dashboard, you will enable login providers on the page "Login providers":

If you enable all login providers, this is what your users will see the first time they log in:

If your users are students, researchers, teachers or other employees in Norwegian education, you probably want to enable Feide login. In Dashboard, you will enable "Utdanningssektoren". Be sure not to mix up with "Feide gjestebrukere" or "Feide testbrukere".

If your service should accept logins only from primary schools, secondary schools or higher education, or just specific schools, you will configure this as well in Dashboard:

This will allow logins from Høgskulen i Volda, Lovisenberg diakonale høgskole and Dronning Mauds Minne Høgskole only.

If your users are people outside of education, i.e. parents or alumni, and you still want a high security level on your logins, you should enable ID-porten login:

To enable ID-porten, the following criteria have to be met:
  • The service has to be registered by an organization (not a private person).
  • The organization has to apply for ID-porten login by sending an email to kontakt@uninett.no. Be sure to put "ID-porten login through Dataporten" in the subject.
  • Only enterprises in public sector and enterprises carrying out tasks on behalf of, and wholly or partly funded by, the public can use ID-porten. More information about ID-porten´s terms of use (Norwegian only).
Support for eduGAIN in Dataporten is available for pilot users from spring 2017. Ask us for more information by sending an email (kontakt@uninett.no).

If your users are international students, researchers, teachers or other employees, you should enable eduGAIN login.

eduGAIN is an international trust exchange between Identity federations mostly in Europe, but also US, Brazil, Japan and more. It allows users abroad to login to Dataporten services with their local accounts, with trusted identity information through eduGAIN.

The global scope of eduGAIN adds some complexity when it comes to technical compatibilty, semantics of attribute release and more. Dataporten tries to offload these challenges from applications and adopt a flexibly attribute policy that works with many providers.

If would have users from foreign univerities that are connected to eduGAIN, you may help us test, verify and configure these users to properly connect through eduGAIN. Contact us kontakt@uninett.no to get more information.

To enable eduGAIN login on Dataporten, you MUST follow these eduGAIN polciies:

Not all services need to know exactly who the user is and be 100% certain about the user's identity. These services only need to recognize the user every time he or she logs in to build some kind of user profile for the user.

For these services, login through social media can be a good way to authenticate users. Dataporten offers login through Facebook, LinkedIn and Twitter.

If you enable one or more of these, your users will log in to your service by his/her Twitter, Facebook or LinkedIn account. The user ID received by the service, will be the user ID from Twitter, Facebook or LinkedIn.

You can enable login through all social media:

The user can now log in by his/her favourite social media account.

Enable Twitter login

Enable Facebook login

Enable LinkedIn login

For users that don't have a Feide account, you can enable login through the "Feide guest users" solution, also known as OpenIdP.

The "Feide guest users" solution is managed by UNINETT, and is in the process of being phased out. Notice however that the solution will be replaced and users will be alerted before it is removed.

During the development and test phase, you can enable login for Feide test users:

Be sure to disable Feide test users before you move your service to a production environment.