Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • Name of your organisation as it should be presented to users
  • Domain name of your organisations
  • Public website URL
  • Logo to represent your organisation (provided as a file, with width  and height to render to).

  • Contact email addresses (ideally role-based): technical and security
  • Details on the information sent by the cloud-based IdMS in SAML messages:
    • metadata of the cloud-based upstream IdP (IdP side of the IdMS) - will be retrieved as part of the registration
    • NameIDFormat used by the IdP (will likely be urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress )
    • List of attributes sent by the IdP
      • Among the attributes should be a unique identifier for users (if not already provided via NameID).
      • It would help Explicit confirmation if the attribute can be confirmed as attributes are not being reassigned.  (I.e. a new user never gets the identifier of a previous different user).
      • What types of users get access to the IdP (via your Cloud-based IdMS).  Is access restricted to staff only?  If not, how can staff and other users be distinguished?
      • In case your organisation also has students, an attribute that would allow to tell students apart from staff.
  • We strongly recommend also joining eduGAIN - and  including the Connect to eduGAIN form with your request (available in the eduGAIN Information Pack).

After testing (first deploying an instance in the Tuakiri-TEST environment), we should be in a position to turn your Production instance on.