As a Site Administrator, you have the ability to may assign one or more Delegated Administrators to manage Service Provider (SP) metadata registered in your organization. You determine which entity descriptors may be edited by explicitly assigning a Delegated Administrator to one or more SPs. Any updates submitted by When a Delegated Administrator in your organization submits updates to metadata, the requests are routed to you for approval before it can be published to the InCommon metadata.

Sign-in options for a Delegated Administrator

A Delegated Administrator signs into Federation via the Internet2 (I2) Identity Services. I2 Identity Services supports federated SSO using an InCommon-registered Identity Provider (IdP). If you have an InCommon-registered IdP, follow the instruction under Configure your Identity Provider to work with I2 Identity Services to configure your IdP to release the necessary user information to enable your Delegated Administrators to sign into Federation Manager.

Since the Delegated Administrative login interface leverages InCommon federated SSO, make sure you have configured your IdP to release the following attributes to the Federation Manager (https://fm.incommon.org/sp):

• eduPersonPrincipalName
• mail
• givenName
• sn (surName)

Alternatively, I2 Identity Services supports sign in using Google account or an Internet2 assigned guest account. If you do not have an InCommon-registered IdP, consult the I2 Identity Services Registration Guide to set up your Delegated Administrator to sign in using one of these alternate options. 

About I2 Identity Services

I2 Identity Services is Internet2's user identity and access management platform. It is the access gateway to a variety of I2 hosted services, including the Internet2 wiki and Federation Manager.

Automatic User Registration on First Sign-in

When when a user signs in for the first time, I2 Identity Services automatically registers them and provisions default access . When you assign a Delegated Administrator, please instruct them to follow the instructions outlined in the I2 Identity Services Registration Guide to complete this registration process.

Anchor
configure-idp configure-idp

Configure your IdP to work with Federation Manager

I2 Identity Services relies on the user information your IdP releases to link user records between SSO services and Federation Manager. Make sure you have configured your IdP to release the appropriate user attributes. You can do so in two ways:

Option 1: Configure your IdP to support the REFEDS Research and Scholarship (R&S) category

See: Identity provider - support Research and Scholarship

This is the preferred option. I2 Identity Services is a REFEDS R&S service provider. When your IdP supports R&S, I2 Identity Services automatically receives user attributes from your IdP, streamlining user access to the whole range of I2 hosted applications and collaboration tools.

Option 2: Release attributes manually

If you are unable to support REFEDS R&S, you may Configure your IdP manually to release user attributes to the I2 Identity Services. Consult the I2 Identity Services: Identity Provider Operator's Guide for configuration details.