The requirement to run an Identity Provider (IdP) server has been a barrier to joining Tuakiri for some organisations. REANNZ has now removed this barrier by developing the Tuakiri Hosted IdP, a solution to make joining Tuakiri easier.

The Tuakiri Hosted IdP service is a scalable solution, where REANNZ hosts the Tuakiri IdP for the member.

The Hosted IdP instance connects to an Identity Management System (IdMS) run by the member. This can be a cloud identity store like Google Apps/GSuite or Office 365/Azure AD.

How does it work?

Users logging into a Tuakiri service first select their institution from the list of Tuakiri members.

For institutions using the Tuakiri Hosted IdP, users are redirected to their institution's Tuakiri Hosted IdP instance.

The Tuakiri Hosted IdP in turn redirects the users to their cloud-based Identity Management System to authenticate.

After authenticating, the user is redirected back to the Tuakiri Hosted IdP, and from there back to the service the user was logging into.


Why Tuakiri Hosted IdP?

Tuakiri Hosted IdP is a scalable service - in multiple dimensions:

How do I get started with a Tuakiri Hosted IdP?

Please get in touch with us first at

We will need to work with you to confirm:

After the initial conversation, we will give you the details of your Tuakiri Hosted IdP instance, which you'll need to register as a Service Provider with your cloud-based IdMS. In turn, we'll need the IdP metadata of your cloud-based IdMS.

Please see the specific details here:

Alongside the registration steps linked above, you will need to provide us with the following information:

After testing (first deploying an instance in the Tuakiri-TEST environment), we should be in a position to turn your Production instance on.