General FAQs
We are here to help. Here are some answers to Frequently Asked Questions (FAQs). If you have further questions please contact us.
I don't know anything about Federations — can you give me an overview?
Federated identity and access management removes barriers to collaboration through a mutual trust agreement between services and organisations. This means, organisations do not need to create, implement and maintain multiple agreements with hundreds of different services. The connection is seamless and often goes unnoticed.
How do I know which connection option is right for my organisation?
Your connection option will be determined by what you want to do in the federation, your organisation’s size and existing technology. If you’re unsure about which option is going to work for you, contact us to talk through the options.
What tools does the AAF provide to help me manage federation connection and services?
Subscribers to the Federation have access to AAF Toolkit. These tools are built and regularly reviewed by the AAF to assist our subscribers to get the most value from the AAF.
Can we add a user from an organisation outside the federation?
The AAF Virtual Home (VH) is a service built and run by the AAF on behalf of subscribers. The AAF Virtual Home (VH) is for users who need to access services via the AAF but who do not have an account with our subscribers.
Subscribers can create and manage user accounts for people who have an indirect association with an organisation and who are not already considered staff, student or alumni. These often include industry or government individuals who work closely with subscriber organisations
Find out more on the support page.
I want to share or access a service internationally (eduGAIN), can you tell me more about how it works?
eduGAIN is an interfederation service that connects identity federations like AAF around the world. eduGAIN simplifies access to content, services and resources for the global research and education community. All AAF subscribers can connect to eduGAIN in a few simple steps.
Get started with eduGAIN:
Compliance - What obligations does my organisation have to meet if we join the federation?
All subscribers have until 30 June of each year to ensure that their organisation is fully compliant with the Federation Rules and to submit a Compliance Statement. The AAF sends an advance reminder notice to members and subscribers that compliance statements are due by June 30. The AAF will write to organisations that are overdue in submitting their Compliance Statement to determine the way forward. If you have any questions regarding your organisation’s compliance to the Federation Rules, please contact [email protected]
Compliance statements must be signed by the Primary Representative from your organisation. By signing the annual compliance statement, your organisation is asserting that all organisation contacts listed in the Federation Registry are current and correct. View the full list of Contact types here.
How do I know if my connection to the federation is working?
Federation Status is part of the AAF Toolkit and monitors AAF-connected Service Providers and Identity Providers to report when systems are offline.
For more information or support go to Federation Status.
How do I know that our organisation’s Personal Identifiable Information (PII) is being handled appropriately?
AAF Ltd provides a framework (including policies and technologies) which assists AAF Ltd Subscribers, e.g. universities or other educational institutions and Service Providers registered with AAF Ltd, e.g. providers of online education or research services or applications to authenticate the end users of Identity Providers who wish to access the services or applications of the Service Provider.
Read the privacy policy and privacy collection notice for more information.
Rapid IdP (AAF's Managed Service) FAQs
We have configured Multi-Factor Authentication (MFA) through our Okta/Azure AD/cloud authentication service, will it still work with Rapid IdP?
Yes, the connection method for cloud IdPs allows for MFA to be passed through requiring users to conform to your existing authentication standard.
Will I still need to upgrade to Shibboleth V4?
Rapid IdP is currently based on Shibboleth V4. This saves your organisation from running an expensive project to upgrade your current IdP. We handle the migration of your existing IdP for you free this year if you sign up before 31 December 2020. We will keep your Rapid IdP instance at the latest appropriate patch version for you.
Can I customise a Rapid IdP login screen to look official?
Yes, the new generation of login-screen is available. Check out the Australian Antarctic Division page:
How do I know that Rapid IdP is secure?
Rapid IdP has been designed by federated identity management Shibboleth experts to ensure a reliable and secure deployment. Rapid IdP doesn’t keep a copy of your usernames or passwords. Our environment is annually penetration tested and regularly reviewed to ensure ongoing security. For more information ask us for a copy of our Security White Paper.
We are using Okta/Azure AD/other cloud authentication services, can we use Rapid IdP with these services?
Yes, we can configure Rapid IdP to talk directly and securely to your cloud hosted authentication service. Connections between Rapid IdP and your authentication directory use well established methods which ensures connections are straightforward, secure and easy to manage.
Are bilateral connections supported with Rapid IdP?
Yes, we are able to configure existing and future bilateral connections into your Rapid IdP instance. There are no limits to the number of bilateral connections that are allowed.