Welcome to ID Broker manual for service providers!

This documentation is intended for administrators and developers of service providers who want to connect a service to the ID Broker.

To follow this text, you need to understand the basic concepts of LDAP and UCS@school, be familiar with OAuth 2.0 and OpenID Connect (OIDC) and be able to integrate these concepts into your app.

This documentation doesn’t cover the on-boarding of school authorities, who want to connect to the ID Broker. To find more information about these topics, visit the Univention documentation.

As a service provider, you can use the ID Broker to use single sign-on (SSO) for end users between the Identity Provider (IDP) of connected school authorities and your service. Service specific pseudonyms are used to ensure that users activities can’t be combined to build user profiles. Additional information, like class membership or school roles, can be accessed by the Self-Disclosure-API.