Skip to content

Federated Login

Overview

NFDI4Immuno aims to provide a unified login for all it services, by building upon existing identity and access management (IAM) solutions. This means that all users who are affiliated with a German academic institution should be able to login to NFDI4Immuno services using the accounts they have at their home institutions. This manual describes both the practical steps as well as the technical background of this setup.

For first-time users

In simple terms: What is a "federated login"?

To help you understand how to use the federated login, let us have a look at the parties involved here:

  1. Your home institution: This is the academic institution that you are affiliated with, e.g., via an employment contract or a stipend. Your home institution is the party from with your identity information (e.g., name and mail address) originates, therefore it is called an identity provider (IdP). The other parties within the federation trust that your home institution will provide true, accurate and timely information, so you can think of it as an authority that issues a passport.
  2. Helmholtz ID: In contrast to its name, this service does not provide any additional identity information about you, as it completely relies on the information that it receives from your home institution. Instead, it allows third-parties like NFDI4Immuno to provide additional information about groups of which you are a member and ressources you are permitted to use. As a whole, the groups and ressource managed by a single third-party make up what is called a virtual organization (VO). Staying with the real-world analogy from above, think of it as stamping a (short-lived) visa into your passport.
  3. NFDI4Immuno service: This is the service that you would like to use. As service provider (SP), NFDI4Immuno needs to know who you are (identity) and whether you are permitted to use the service (access management). Therefore the service will contact Helmholtz ID, which in turn will contact your home institution. Completing the analogy: The service will check your passport and your visa.

Getting access to NFDI4Immuno services

In general, to access NFDI4Immuno services you will need to fulfill the following criteria, but note that there are some expections, which are discussed in the Troubleshooting section.

  • You should have an institutional account at your home institution
  • You should have an account at Helmholtz ID connected to that institutional account
  • You should be a member of the NFDI4Immuno virtual organization

Step-by-step guide

Check whether your institution is part of the DFN federation

  1. Go to Helmholtz ID

  2. Select your home institution from the dialog below, note you can use the "Search" field to narrow down the list. If your institution is not listed here see the troubleshooting guide.

Create or confirm your Helmholtz ID account

  1. Selecting your institution will forward you to its login screen. Complete the login using your instituional username and password. Leave the tick-boxes blank. :::info The following screenshot shows the DKFZ login as an example, your institution's login will likely look a bit different. :::

  2. If you already used Helmholtz ID with your account before, you will directly be forwarded to your profile (see next point). Otherwise, if you login to Helmholtz ID for the first time, you will be asked to confirm your "registration", i.e., the creation of an account at Helmholtz ID that is linked to your institional account (see screenshot below). Please confirm this registration.

  3. When the login is completed, you will see the profile of your account at Helmholtz ID (see screenshot below).

Join the NFDI4Immuno Virtual Organization
  1. Send a mail to Christian asking for an invite to the NFDI4Immuno Virtual Organization (VO).
  2. You will receive an invition to join the VO with a registration link. The invitation has the subject Invitation to Join /NFDI4Immuno and is sent by [email protected]. Click on the link in the invite.
  3. You will be asked to confirm that you want to join the VO and the you agree to the Acceptable Use Policy.
Test the federated login with an NFDI4Immuno service
  1. Go to the NFDI4Immuno Nextcloud and login via "Helmholtz ID". Please report any problems to Christian.

Troubleshooting

My institution is not listed in the dialog

Not all German research institutions are part of the DFN-AAI federation. This especially applies to departmental research institutions (Ressortforschungseinrichtungen). Please notify your institution's IT department that you would like to use service connected to the DFN-AAI. As a temporary work-around Helmholtz ID also allows login via generic identity providers (ORCID, Github, Google), but you should note that these providers cannot give assurances about your affiliation with an academic institution, which might result in more restricted access permissions.