Delegated Administration is the ability for a Site Administrator to delegate management of select Service Provider (SP) metadata to another person in their organization. This delegated role is called a Delegated Administrator. For organizations with a large number of SPs, or where the SP is operated by a departmental unit, delegated administration allows an organization to spread out the metadata management workload.
- A Site Administrator delegates the ability to administer SP metadata to a delegated administrator by providing the eduPersonPrincipalName and e-mail address of a prospective Delegated Administrator.
- A Site Administrator uses the Delegated Administration feature in Federation Manager to assign ongoing management duties of particular SPs to a Delegated Administrator.
- A Delegated Administrator may modify and/or delete SP entities assigned to him/her.
- A Delegated Administrator can create a new SP entity.
- Any metadata update made by a Delegated Administrator must be approved by a Site Administrator for publication to the InCommon metadata.