Federated SSO is an effort to allow users to access FT.com using their employee or education network IDs when they belong to an Access Federation.
Organizations that are part eduGAIN federation and are compatible with UKAMF are supported too.
UKAMF - UK Access Management Federation or UK Federation - provides a solution for access to online services for educational and research organisations. The UKAMF is a UK-based federation.
OpenAthens is both a suite of commercial products and an access management federation, all owned by the company EduServ. The FT makes use of OpenAthens SP product to manage federated SSO as a service provider. The FT is also registered in OpenAthens Federation as a service provider. OpenAthens Federation is an international access management federation, promoted for any publisher as a service provider and any identity provider that can meet the federation requirements.
eduGAIN is a service that connects many federations around the world. The UKAMF publishes its federation metadata (participant information) to eduGAIN, as do many other federations e.g. InCommon for USA, SurfConext for Netherlands, SWAMID for Sweden. UKAMF will automatically import all eduGain metadata that meets its standards. This means most participants registered in eduGAIN are available to UKAMF.
In order to integrate your organization IDP, we only need your IDP entity id as configured in the access management federation. We will use this id to configure the SSO access in FT.com.
FT.com entity Id:
For any queries about the FT’s FSSO service, please contact the support team
We support an autolink feature, this will allow existing FT.com users to login with their corporate credentials without having to do a one-off FT.com setup. In order to allow this feature, your IDP needs to send the user’s email address as part of the SAML assertions.
This can be configured in your IDP.
These are the steps in OpenAthens to add the email address to the SAML response
OpenAthens admin console: https://admin.openathens.net
Verify that email address is a releasable attribute:
Menu > Preferences > Schema Editor
Personal Account > Core Attributes
releasable, see image.
Add email address to the SAML response:
Menu > Preferences > Attribute Release
Global (all resources)policy. Edit appears when you hover over the policy.
email address. It should be displayed with a tick.