Service Provider (SP)

Authentication

Institutes of Graz University of Technology can (and should) also use this service and thus do not have to set up their own user administration.
Authentication or identification is done centrally via the IDM of ZID and in principle only checks whether username and password are correct.

Authorization

The service provider (SP) decides independently of ZID whether to offer single sign-on or only single sign-in (i. e., the same access data, but with forced re-authentication), how long a login remains valid, and which users or groups (e. g., only employees of the institute) may use the service.

Identification

The data that the service provider (SP) receives from the identity provider (IdP) can also be used to identify the user and thus, for example, to (pre)fill forms with names, email addresses, etc.
However, the users are asked (for systems that you do not have to use, at least the first time) whether they agree that the SP may receive this data from our IdP.

Among other things, besides names etc., the user groups (the account type) to which the logged-in person belongs are also supplied:

Staff (BEDIENSTETE:OK)
Students (STUDENTEN:OK)
Alumni (ALUMNI:OK)
Basic Users (BASIS:OK)
Identified guests (KNOWNGUEST:OK)
Guests (GUEST:OK)

The SSO solution then forms our AAI together with the IDM (TUGRAZonline and the associated Active Directory) and these authorizations.

If you want to offer a service with SSO, please contact us. We need at least a name for your service, the address of your service (we only support https) and also the address to log out from your service (for single log-out).

Examples for authorization

Some examples of how authorization can be implemented can be found in the Classification section.

Links

Data Breach

Security Incident

IT Security State of the art

CERT.at

IKT-Sicherheitsportal

Cyber Security Austria

Meldestelle Kinderpornografie

Meldestelle Hass & rassistische Diskriminierung