Requesting external federation for your web-based service
Service providers of Fermilab web-based services
This article details how to request external federation for your web-based service that uses SSO authentication. By using external federation, you can provide access to individuals who don’t have Fermilab accounts by allowing them to use their home organization’s credentials to authenticate.
At this time, Fermilab supports credentials from these organizations:
- Other DOE labs and organizations using DOE OneID
To request external federation for your web-based service, open a General Request ticket in ServiceNow:
- Use Enable <site name> for external federation as the subject of your request ticket.
- In the ticket, describe what data will be shared and what measures are in place to ensure that only the target audience has access to the data.
- Once the ticket is submitted, the review and approval process will start.
- Before requesting external federation, please review your web application/website. Access to your web application/website should be controlled by the application/website and should only be granted to authenticated users. You can use group membership that is provided in SSO assertion for authorization; this can be used for both granting and rejecting access.
- Instructions on how to allow an external user to access your web-based service after the request for external federation has been approved can be found in this article: KB0014129