Identity and access management (IAM)

Identity and access management (IAM)

User identification of services aimed at University of Helsinki staff and students should always be done using centralized signin services.

Centralized User Authentication

The recommended method for this is the Shibboleth service (login.helsinki.fi), which can be connected to services using the SAML and OpenID Connect (OIDC) protocols.

Read more about the Shibboleth service.

There is also a separate test service for the service, where centralized user authentication can be tested with user details defined by oneself.

More information about other centralized user authentication options can be found on the page Centralized User Authentication Alternatives.

Trust Networks / External Authentication from the University of Helsinki

If the service requires users from external academic organizations, it is possible to connect the service to the Haka or eduGAIN trust networks using SAML authentication.

Read more about trust networks.

Strong Authentication

Strong user authentication (eIDAS “substantial” or “high” level) is currently possible through the Suomi.fi service. The registration process in this respect is quite complex and slow.

More information in a separate article: Strong Authentication (Suomi.fi)

Access Rights

Access rights management can be implemented using user groups described here on the Helpdesk page.

User groups can be transmitted to the service at the time of login when using centralized user authentication.