
Access Control and User Roles

This document outlines the authentication methods, access control principles, and the role-based access control (RBAC) model for the eFeide and eADM platforms.

Authentication Methods

Both eFeide and eADM support a variety of user login methods, including two-factor authentication. Supported methods include:

  • FEIDE

  • IDporten

  • ADFS / LDAP

  • Single Sign-On (SSO) with Microsoft Entra ID (Azure AD)

  • Single Sign-On (SSO) with Google Workspace

  • Other SAML 2.0 based solutions

Warning: MFA is Required for Administrative Access

We expect customers to protect all SSO logins with Multi-Factor Authentication (MFA). Access to eADM and eFeide without two-factor protection is not recommended, even for standard employees or department managers. For Servicedesk and Administrator level access, we require that customers protect SSO with MFA or use IDporten for authentication.

Access Control Principles

System access can be granted automatically based on rulesets or assigned manually to individual users.

  • Administrator Access: We recommend that all administrator-level access is granted manually and based on need.

  • Access Duration: Permissions can be granted with or without an expiration date.

  • Access Audits: The system includes features for both active and passive access reviews at specified time intervals.

  • Granular Control: Access levels can be managed at the group, role, and individual user level. The system also accounts for users having different roles in different departments, with varying needs and permissions.

  • Conditional MFA: Login to the user interface can be regulated so that any user who can view personal data about others must log in with MFA, while users like students (who can only see their own data) can log in without it.
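The rules above can be checked together at login time. The following is an added example, not code from eADM or eFeide: the Grant and Login data model, the evaluate function and the "Student" role name are hypothetical, and treating IDporten as satisfying the conditional MFA rule is an assumption.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Hypothetical data model; only the rules themselves come from the page.
ADMIN_LEVEL = {"Servicedesk", "Administrator"}

@dataclass
class Grant:
    user: str
    role: str
    views_others_data: bool   # can view personal data about other users
    assigned_manually: bool   # False = granted by an automatic ruleset
    expires: Optional[date]   # None = granted without an expiration date

@dataclass
class Login:
    method: str               # e.g. "FEIDE", "IDporten", "SAML"
    mfa: bool

def strong_auth(login: Login) -> bool:
    # Page: admin-level access needs SSO protected by MFA, or IDporten.
    # Assumption: IDporten also satisfies the conditional MFA rule.
    return login.mfa or login.method == "IDporten"

def evaluate(grant: Grant, login: Login, today: date) -> tuple[str, list[str]]:
    """Return (decision, findings); decision is 'allow' or 'deny'."""
    if grant.expires is not None and grant.expires < today:
        return "deny", ["grant expired"]
    decision, findings = "allow", []
    required = grant.role in ADMIN_LEVEL or grant.views_others_data
    if required and not strong_auth(login):
        decision = "deny"
        findings.append("MFA or IDporten required")
    elif not strong_auth(login) and grant.role != "Student":
        findings.append("login without MFA is not recommended")
    if grant.role in ADMIN_LEVEL and not grant.assigned_manually:
        findings.append("admin-level access granted by ruleset; assign manually")
    return decision, findings

if __name__ == "__main__":
    today = date(2025, 1, 15)  # constructed sample data below
    cases = [
        (Grant("kari", "Administrator", True, False, None), Login("SAML", False)),
        (Grant("ola", "Employee", False, True, date(2024, 12, 31)), Login("FEIDE", True)),
        (Grant("nils", "Student", False, False, None), Login("FEIDE", False)),
    ]
    for grant, login in cases:
        print(grant.user, evaluate(grant, login, today))
```

Findings returned alongside an "allow" decision are the kind of item an access review would pick up, such as an administrator grant that came from a ruleset instead of a manual assignment.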

Summary for AI and Search

This document details the access control framework for Identum's eADM and eFeide platforms. It covers supported authentication methods like SAML, Feide, and SSO, and highlights the mandatory MFA requirement for all administrative roles. The core of the document explains the six-tiered, role-based access control (RBAC) model, defining the specific permissions for roles ranging from a basic "Employee" to a full-privilege "Registry Administrator," ensuring granular and secure system management.
