Identity consolidator

From MetaCentrum

Identities in Perun

Internal identity

Internal identity is the user identity that was created in the Perun system (account in Perun).

This account contains the user's full name, ID, and other data.

External identity

An external identity is the user identity that was created in another system.

An external identity is a part of the internal identity.

It can be a university identity (Ca' Foscari University of Venice, Masaryk University, Medical University of Vienna, Nicolaus Copernicus University in Torun), an identity of an organization (BBMRI-ERIC, CESNET, de.NBI, EGI, Elixir), or a social identity (Facebook, Google, LinkedIn).

One user profile may contain multiple external identities, and the user can log in to Perun with any of them.

Another way a user can get into Perun is by having the identity imported through synchronization (for example from a SQL database or LDAP).

External identities work with a Level of Assurance (LoA).

Identities schema

Schema showing how the user can get into Perun through external identities and how they relate to the internal identity.




Identity Consolidator

Description

The Identity Consolidator serves to connect multiple identities under one user account.

The main advantage of identity consolidation is access to the user's data through any registered external identity.

How the user can get to the Identity Consolidator

The link for identity consolidation can be offered by the system itself or sent to the user by the VO manager.

The manual for VO managers on building a link to the Identity Consolidator is here.

Identity consolidation procedure

1a) The system may automatically offer you the possibility of connecting another external identity to your account. Open the link in your browser's anonymous mode.

... OR ...

1b) Open the email you received from the VO manager and open the Identity Consolidator link in your browser's anonymous mode.

2) Perun will ask you to log in with an external identity that is already connected to your account. You will see a list of identities you can log in with.

  • This step is limited in time (the time is counted in the background). You have 5 minutes to connect the identity to an existing account; after that the authorization token expires and you need to log in again (reload the page). The time limit is set for security reasons.

3) At the end of the procedure, you may add another external identity.

Now you may log in to the Perun system with the new external identity.
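A minimal sketch of the time limit in step 2, added here as an illustration and not Perun's own code: the first login yields a signed token bound to the proven external identity and a 5-minute expiry, and linking is refused once the token lapses or if the identity already belongs to another account. The token format, function names, signing key and in-memory account store are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 5 * 60  # seconds; the 5-minute limit from step 2
_KEY = secrets.token_bytes(32)  # assumed per-deployment signing key

def _sign(payload):
    return hmac.new(_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_token(ext_identity, now=None):
    """After the first login: bind the proven external identity to an expiry."""
    expires = int(time.time() if now is None else now) + TOKEN_TTL
    payload = f"{ext_identity}|{expires}"
    return f"{payload}|{_sign(payload)}"

def redeem_token(token, now=None):
    """Return the bound identity, or None if the token is forged or expired."""
    try:
        ext_identity, expires, mac = token.rsplit("|", 2)
        deadline = int(expires)
    except ValueError:
        return None
    expected = _sign(f"{ext_identity}|{expires}")
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    if (time.time() if now is None else now) >= deadline:
        return None  # time limit passed: the user has to log in again
    return ext_identity

def consolidate(accounts, token, account_id, now=None):
    """After the second login as account_id: attach the token's identity."""
    ext_identity = redeem_token(token, now)
    if ext_identity is None:
        return "expired-or-invalid"
    for owner, identities in accounts.items():
        if owner != account_id and ext_identity in identities:
            return "already-linked-elsewhere"
    accounts[account_id].add(ext_identity)  # account exists: user just logged in to it
    return "linked"

if __name__ == "__main__":
    # Constructed sample data: one account with one external identity.
    accounts = {"user-1": {"idp-a.example.org:alice"}}
    token = issue_token("idp-b.example.org:alice", now=1_000)
    print(consolidate(accounts, token, "user-1", now=1_000 + 120))  # within limit
    print(consolidate(accounts, token, "user-1", now=1_000 + 301))  # too late
```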

Anonymous mode

Anonymous mode ensures that you don't log in with an unwanted identity when you verify your identity.

Keyboard shortcuts:

Chrome/Chromium and Opera

Ctrl + Shift + N

Explorer/Edge and Firefox

Ctrl + Shift + P


User profile

In the profile, the user can manage his data: e-mail, preferred language, changing or resetting the password, managing SSH keys, and reporting a new publication.

User profile (CESNET instance):

WARNING: Only for users at the CESNET instance. To use the links, you must be logged in to Perun.

The user can modify or view his data on a user profile at the address:

https://perun.cesnet.cz/a/user-profile/fed/#profile

In the profile, the user may see or edit the external identities that are assigned to his account (in the My identities tab).

Mini-application

The user may also use the new mini-application:

https://perun.cesnet.cz/fed/profile/#personal

This user profile provides an overview of external identities.


User profile (MUNI instance):

WARNING: Only for users at the MUNI instance. To use the links, you must be logged in to Perun.

The user can modify or view his data on a user profile:

Log in via Federation

https://idm.ics.muni.cz/fed/gui/#usr/

Log in via Kerberos

https://idm.ics.muni.cz/krb/gui/#usr/

In the left menu, click on Select identity and select the internal identity you want to manage.

This user profile doesn't contain an overview of external identities.