Authentication, authorization, and provisioning
A common denominator for sign-on to web services is SAML2. Usernames and especially passwords are no longer stored in separate individual systems. Instead, the sign-on process is federated.
For several years, Eduix has implemented SAML-based sign-on in our software and third-party systems. Among other applications, we use Shibboleth and SimpleSAMLphp in identity provider as well as service provider modes. ADFS2 sign-on is readily available for all our services, as are all SAML2 identity federations, along with identity providers by Google, Facebook, and other prominent names in the industry.
In addition to SSO management, we offer user registries and user role registries. Monolithic identity management software has been replaced by flexible, modular systems that can manage massive amounts of user data.
We keep a keen eye on the latest research and product development in our field, and we implement software and practices that have been developed in Finnish and international projects. The management of software, user roles, and permissions requires a great deal of work and optimization, and when it comes to public services, the principles of master data must be followed to the letter. User provisioning and deprovisioning can be completely automated, and they are in line with the central principles of the platform economy.