Once an organisation has joined the federation, there are various options for participation.
Run and support identity management in-house.There are two options for following this route:
- implement the technology wholly through the organisation.
- implement the technology using a third party. This option is particularly useful for those organisations who do not have the internal resource or expertise to deploy the initial technical requirements but would like to maintain ultimate control of their user authentication.
Organisational identity management provision may be handled by a third party. For further information about the provision of third-party outsource services in the schools sector please see the document regarding the trust framework for participation of UK schools.
The application process for outsourced IdPs should be followed if taking this route.
Outsourced service provision: an organisation may outsource service provision to an external organisation without reference to the federation operator. However, where the entityID proposed for the SP entity contains a domain name which does not belong to the external organisation, this procedure should be followed.
There are several organisations who offer outsourced and/or in-house support services.
Guidance is provided here for an organisation which outsourced identity provision to Eduserv but now wishes to move to using its own local IdP.
The recommended approach for schools is to join via the Local Authorities (England & Wales) or Regional Broadband Consortia in England, Classroom 2000 in Northern Ireland and Learning & Teaching, Scotland. However, schools may join the federation independently.