Using an outsourced identity provider

When a member organisation wishes to outsource identity provision to another organisation, a Management Contact of the requesting organisation must apply in writing, on the organisationís letterhead. The letter must be signed, scanned and emailed to to the federation operator.

The application must contain the following information:

  1. The name of the external organisation providing the outsourcing service. This organisation must itself be a member of the federation.
  2. The entityID of the identity provider which the external organisation proposes to use on behalf of the applicant. (The external organisation should be consulted to obtain this information.)
  3. If the domain name contained within the entityID belongs to the applicant rather than to the external organisation, an explicit statement by the applicant approving the use of the entityID by the external organisation.
  4. Any identifier assigned to the applicant by the external organisation.
  5. A contact person (name and email address) within the external organisation.
  6. The security domain(s) that the applicant grants authorisation to the external organisation to assert on its behalf. This normally corresponds to the applicant's registered DNS domain(s). This should be specified in lower case.

Please see this example of the form of letter required.

Note: You may choose to state, in your letter of application to join the UK federation, your intention to outsource identity provision to a third party and at the same time provide us with the details above.

Please note that similar conditions apply to the registration of service providers, but the situation is slightly simpler. Please refer to the federation documentation about using an outsourced service provider.