Processes to link organizational members to edu-ID
An Organisation that has adopted SWITCH edu-ID needs to make sure that each member (student, staff, further education student) has an edu-ID identity that it is linked to their local, organisational identity.
A link between a local, organizational identity and an edu-ID identity is established once
- the organization can associate a local identity to an edu-ID identity (via its edu-ID identifier), and
- edu-ID can associate an edu-ID identity to an organisation (via its organizational unique identifier)
The most common linking processes are
Linking at Registration
This scenario may be applied by organisations that have implemented online member registration processes using a web page or web form. This registration process gets extended with an edu-ID linking step. Applicants are required to log in at the organization with their edu-ID identity. Applicants without an edu-ID identity create one on the fly.
As a result, the organisation receives the applicants registration data along with the edu-ID identifier. If the applicant is not admitted, all registration data is discarded. If the applicant is admitted, the organization's IdM creates an affiliation in the edu-ID identity.
Linking after Admission
In this approach, the processes to register new organisation members remain untouched. Linking with an edu-ID identity takes place after a person has been accepted as member and the organisational identity is created and activated.
- The new organization member is invited - usually by email - to create and link their edu-ID identity
- The member navigates to the organizational linking service and has to authenticate against the local identity management system
- The organizational linking service associates the edu-ID identifier to the local, organisational identity
- After successful linking, the organisational IdM creates/adds an affiliation to the person's edu-ID identity
|Linking at Registration||
|Linking after Admission||
Note that the linking approaches can be mixed. It is for example possible to link students at-registration while staff members are linked after-admission.