Single sign-on service
A single sign-on service is used for logging in (authentication) in shared services at the University of Borås for users who have an electronic identity here. That is because the university is a member of SWAMID, the Swedish Academic Identity Federation. This relates to services such as SUNET, GÉANT, and, for example Box, LADOK, and Zoom.
General description of SAML2 Web SSO, used by the Identity Provider (IdP) at University of Borås
The service provides authentication of users which have an electronic identity at University of Borås, together with release of attributes pertaining to the authenticated user. The provider of the service/higher educational institution is a member of SWAMID, the Swedish identity federation for Research and higher education. The service has been deployed in accordance with SWAMID’s policy framework.
Policy for personal integrity
The service adheres to the policy for the handling of personal data which has been published by University of Borås in accordance with Swedish law.
The service and limitations of service
University of Borås undertakes to guarantee the availability of the service in accordance with University of Borås’s requirements and expectations. University of Borås follows SWAMID’s recommendations for release of attributes based upon entity categories. University of Borås reserves the right, in agreement with a service provider, to change the actually released attributes for the current service, regardless of what is recommended by the entity category for which the service provider is approved.
Service and support
Questions and faults regarding University of Borås and it’s SAML2 Web SSO service should be directed to the following local support channels:
Web: IT Services
Policy for the management of personal information within the scope of the Identity Provider (IdP) as determined by University of Borås
The Identity Provider performs authentication at the request of a service which University of Borås recognises, either via metadata provided by the SWAMID identity federation or because the service and University of Borås has a specific agreement. Depending upon the type of service involved, the purpose of the service and what relationship the service has to the [University of Borås’s] identity provider, one or more pieces of personal data are transferred from University of Borås’s catalogue and authorization system to the requesting service. This procedure follows the intent of the Swedish personal data protection legislation.
Services that are categorised in SWAMID’s metadata with entity categories receive attributes in accordance with SWAMID’s recommendations, see below. Services whose primary purpose is for the benefit of research and education have access to approximately the same personal data which are automatically sent with an everyday email, that being name, email address, user identity, if the user is a student or employee (or similar active role) and that the user has an account at University of Borås. Registered services that via GÉANT Data Protection Code of Conduct adhere to the European Union’s General Data Protection Regulation (GDPR) get access to the same information.
Services whose purpose is for students to process admissions, course registrations, examination sign-up, degree applications, internships, grant applications, self-service account administration and for employees self-service for University of Borås’s HR-system have access to the user’s Swedish personal identity number or Swedish higher education interim personal identity number for foreigners.