Identity federation

The Czech academic identity federation brings together members who exploit information about the identity of their users while facilitating their access to various network services. Each federation member can play one or both following roles:

  • Identity provider manages usernames, passwords and other data about its users; and makes certain data available to service providers;
  • Service provider provides web application or network service and deploys information on identity and possibly other characteristics of users for managing the service access.

Feature description:

  • Easy access to several applications and services of partner entities, the user is only required to sign in once;
  • Application administrators do not store user authentication data and do not perform any authentication;
  • The user authentication is always performed at the home server, the sensitive authentication data do not leave the home network;
  • The federation infrastructure provides easy, standard and secure means of user data exchange.

Through, the access to international services via the eduGAIN interfederation can be provided.

The Attribute authority is the extended functionality of

Key benefits

  • The user can access several applications and services on a single sign-in;
  • The user always signs in on the home server and is granted the service provider authorisation upon the authentication.
  • Application administrators do not store user authentication data and do not perform any authentication.

Target audience

The services provided by CESNET are available to entities which comply with the Terms and conditions for the access to the CESNET e-infrastructure. The entities which fail to comply with the Terms may only be connected to the federation as service providers.


The service is available to the broad community free of charge.


To install the service, the participant should follow the instructions in the guidelines. Once the administrative contact person has been appointed and authenticated, the user should launch own entity (IdP and/or SP) and request that metadata are uploaded in the identity federation.

Related services

Last change: 23.5.2017