IDP Service

The University of Milan (UNIMI) has joined IDEM (https://www.idem.garr.it/en/), an authentication and authorization tool made available by the Italian Federation of Universities and Research Agencies (GARR consortium).
UNIMI can act as an Identity Provider (IDP), in line with IDEM's aim of offering education and research institutions a shared system for managing access to online resources, so that university staff, students and faculty can use the same credentials to reach web services and resources offered by other universities or federated agencies.

The same credentials can be used to access all the Services (listed at https://idem.garr.it/partecipare/risorse-idem) made available by identified Service Providers, in full respect of user privacy and within the limits reported in the Privacy Policy of the University of Milan and in the Privacy Policy of the GARR Consortium.

UNIMI, as Identity Provider, can transmit to Service Providers (Resource) some information about users (attributes); these are:

  • necessary to receive the requested service
  • limited
  • treated according to law

Requested information may vary from provider to provider: at every access you will be shown the exact list of information transmitted to the Service Provider (Resource).

Attributes can be transmitted by cookies; these can be used by the Service Provider to deliver the service or to identify the user (profiling cookies). The Service Provider can display a link to the Cookie Policy and the Privacy Policy of the service before the attributes are transmitted.

UNIVERSITY LIBRARY SERVICE

The University of Milan provides remote access to the IDEM / GARR federation, which enables users to access subscribed electronic resources from outside the university network. No new software installation is required; users can authenticate with their university credentials.

With the same credentials used for your institutional mailbox (name.surname@unimi.it or name.surname@studenti.unimi.it), it is also possible to remotely access some resources of the Digital Library through the Idem Garr service.

The list of the main resources of the Digital Library accessible off-campus through Single Sign-On authentication will be promptly published upon activation of the Service Providers.

By joining the IDEM service, the University of Milan can transmit to the supplier of electronic resources (Service Provider) to which you have requested access some information (attributes) about your profile, upon request of the Service provider itself.

The attributes' technical specifications, as defined by the GARR Consortium, are available here: https://wiki.idem.garr.it/wiki/Documentazione
Below you can find a list of the main attributes that will be provided to the Service Providers (SP):
 

Login process

Attribute: sn
Surname
Requirement IDEM: Recommended
Example: ROSSI

Attribute: givenName
Name
Requirement IDEM: Recommended
Example: MARIO

Attribute: cn (commonName)
Name Surname
Requirement IDEM: Recommended
Example: MARIO ROSSI

Attribute: mail
Email address
Requirement IDEM: Recommended
Example: MARIO.ROSSI@unipg.it

Attribute: eduPersonScopedAffiliation (ePSA)
Indicates the user's affiliation with the organization to which he belongs
Requirement IDEM: Mandatory
Calculated on the basis of the role covered in the University
Example: staff@unipg.it;member@unipg.it;student@unipg.it

Attribute: eduPersonTargetedID (ePTID)
Anonymous identifier, persistent, not reassignable
Requirement IDEM: Mandatory
Calculated in the form: [organization]! [Service]! [Opaque string]

Attribute: eduPersonPrincipalName (ePPN)
Persistent unique identifier of the user
Requirement IDEM: Recommended
Example: MR290001@unimi.it
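
The attribute list above, seen from the receiving Service Provider's side: an added example (not code from the University of Milan or GARR) that checks one released attribute set against the requirement levels and value formats listed. The function names, the entity IDs, the opaque string and the policy of accepting only one expected scope are assumptions made for illustration; the `;` separator between affiliation values follows the example in the list.

```python
# Added example: SP-side sanity check of attributes released by an IdP.
# All names, entity IDs and sample values below are constructed for illustration.
MANDATORY = ("eduPersonScopedAffiliation", "eduPersonTargetedID")
RECOMMENDED = ("sn", "givenName", "cn", "mail", "eduPersonPrincipalName")


def parse_epsa(raw):
    """Split 'staff@scope;member@scope' into (affiliation, scope) pairs."""
    pairs = []
    for value in filter(None, (v.strip() for v in raw.split(";"))):
        affiliation, sep, scope = value.partition("@")
        if not sep or not affiliation or not scope:
            raise ValueError(f"malformed scoped affiliation: {value!r}")
        pairs.append((affiliation.lower(), scope.lower()))
    return pairs


def parse_eptid(raw):
    """Split '[organization]![service]![opaque string]' into its three parts."""
    parts = [p.strip() for p in raw.split("!")]
    if len(parts) != 3 or not all(parts):
        raise ValueError("ePTID must have exactly three non-empty parts")
    return tuple(parts)


def check_release(attrs, expected_scope, idp_id, sp_id):
    """Return (errors, warnings) for one released attribute set."""
    errors = [f"missing mandatory {n}" for n in MANDATORY if not attrs.get(n)]
    warnings = [f"missing recommended {n}" for n in RECOMMENDED if not attrs.get(n)]
    try:
        for _affiliation, scope in parse_epsa(attrs.get("eduPersonScopedAffiliation", "")):
            if scope != expected_scope.lower():  # scope must belong to this IdP
                errors.append(f"scope {scope} not allowed for this IdP")
        if attrs.get("eduPersonTargetedID"):
            org, service, _opaque = parse_eptid(attrs["eduPersonTargetedID"])
            if (org, service) != (idp_id, sp_id):  # identifier is per IdP and per service
                errors.append("ePTID was not issued by this IdP for this service")
    except ValueError as exc:
        errors.append(str(exc))
    return errors, warnings


SAMPLE = {  # constructed sample modelled on the examples in the list; 'mail' left out
    "sn": "ROSSI", "givenName": "MARIO", "cn": "MARIO ROSSI",
    "eduPersonPrincipalName": "MR290001@unimi.it",
    "eduPersonScopedAffiliation": "staff@unimi.it;member@unimi.it",
    "eduPersonTargetedID": "https://idp.example.org/idp! https://sp.example.org/sp! OPAQUE-PLACEHOLDER",
}
```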

In order to provide better technical support in the management of any security incidents, and to be able to respond to any requests from the judicial authority, the access registers (log files) are kept for 12 months and are periodically erased.
Log files are not transferred or shared either with the GARR Consortium or with related institutions. In the management of any security incidents, only directly related log files may be used upon request for the incident’s technical analysis in collaboration with the Consortium GARR.