Centralised user authentication

Service status
4 - In use
Service is meant for
Short description

A joint authentication system used in the University’s network services and information systems, allowing the use of several services with a single sign-on. Also includes the administration of access rights to the systems.

Service description

Centralised user authentication allows the identification of users of the University’s network services and information systems in such a way that a user can use the same user account for logging in to all services included in the authentication service. In addition to logging in, the service also takes care of the administration of access rights to systems, i.e., who has access to the various parts of the system. The service also includes the necessary information security solutions.

Options used for authentication are Shibboleth/SAML2, LDAP and AD authentication.

SAML2 is the recommended option as it offers the best information security, among other things. If necessary, also users from other domestic and foreign users can be included in the SAML2 authentication if they are members of HAKA or a similar trust network.

LDAP authentication is also a possible option as it allows the transfer of several types of data concerning the user (such as membership in groups).

Direct AD authentication is only possible when none of the above options are suitable because of the technical properties of the system. It should be noted, however, that not everyone has the permissions required for this option.

Options for the administration of access rights include using the HERO system or groups.

The HERO system is used when it is necessary to restrict the access rights to certain persons. In the HERO system, access rights are applied for through a chain of approval (a person’s supervisor approves their request for access rights, for example), and the access rights expire at specified intervals.

Administration of access rights by means of groups is possible when you want to grant predefined group access rights to the system. Group membership information may be administered automatically based on information obtained from background systems (such as staff of a specific department), or the administrator of the group can perform administration tasks manually.

How to take the service into use

Start by contacting the customer service representative of your unit or faculty and telling them about your needs. The opportunity to use this service is always determined on a case-by-case basis.


The IT Center is responsible for the maintenance and development of systems related to user administration.

User support

User authentication options are documented on page https://wiki.helsinki.fi/x/DgLICw.

The IT Center’s specialists provide consultative support.

Service provider

Free of charge within the University. The cost of using the Vetuma service may be charged separately. If necessary, consultation for implementation and maintenance is provided through IT consultation.

Back to top