Selecting Identifiers
When registering an organisation to the eduroam managed IdP, one or more identifiers for the organisation must be chosen. These identifiers will be used to define aspects such as RADIUS realms and domains used to connect to the eduroam managed IdP, among other things.
An organisation could have a single identifier for all users such as org, or could have two separate identifiers for staff and non-staff such as org-staff and org-nonstaff.
Restricting Access
eduroam access via the eduroam managed IdP can be restricted to a subset of users inside the connected IdP. This can be achieved in the eduroam managed IdP by filtering users based on the value of a specified attribute. This could be, for example, the attribute eduPersonAffiliation, which could be used to restrict eduroam access to staff users.
Alerting Users
Additionally, user connection profiles issued by the eduroam managed IdP are considered valid for a fixed period of time. This is typically 6 to 12 months, but any length of time may be chosen.
If the user is connected through the geteduroam app, they will also receive notifications to their device when a profile is due to expire soon. This image shows an example notification from an iOS device.