Current affiliations are entirely controlled by their organizations. SWITCH never proactively creates, updates or deletes current affiliations.
Triggers to remove a current affiliation
A current affiliation is immediately removed if
- either the organization sends a DELETE request on the affiliations API (if the organization uses the attribute push method),
- or a person is removed from the list of members in the Attribute Provider API (pull via AP-API).
For organizations that have not yet integrated edu-ID into their identity management processes, the validity of a current affiliation is checked daily by issuing an attribute query to the organizational IdP (pull via SAML). A current affiliation is removed if
- the organizational IdP responds with "no user found" on 4 consecutive days. After the 4th day, the current affiliation is removed.
Removing a current affiliation
The following actions are carried out when a current affiliation is removed:
- Organizational email addresses of the affiliation are removed from the list of possible login names.
- A former affiliation is created with a subset of personal data from the current affiliation. The internal attribute affiliation-period-end is set to the current date.
- The current affiliation is deleted. The user loses the related organizational membership state in the edu-ID identity. Services that require the organizational membership are no longer accessible by the user.
- An email is sent to the user informing them that the affiliation has been removed by the organization.
Note 1: A user may have multiple current affiliations. Removing one specific affiliation does not affect other current affiliations of the user.
Note 2: After step 1 (removal of the organizational email addresses), the user might have no email address left in the edu-ID account. Without a valid email address the user has no login name and can therefore no longer access the account. Upon user request, such an account can be reactivated in a manual edu-ID support process.
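The daily SAML pull check and the four removal actions described above, as an added Python example (not SWITCH's code). The class and function names, the in-memory data model and the rule that any answer other than "no user found" resets the count are assumptions; all addresses and answers are constructed.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

REMOVAL_THRESHOLD = 4  # page: "no user found" on 4 consecutive days


@dataclass
class Identity:  # hypothetical in-memory model of one edu-ID identity
    login_names: set                               # email addresses usable as login names
    current: dict = field(default_factory=dict)    # org -> organizational email addresses
    misses: dict = field(default_factory=dict)     # org -> consecutive "no user found" days
    former: list = field(default_factory=list)     # history of former affiliations
    mails_sent: list = field(default_factory=list)


def remove_affiliation(ident, org, today):
    """Apply the four removal actions; return False if no login name is left (Note 2)."""
    ident.login_names -= set(ident.current[org])                        # action 1
    ident.former.append({"org": org, "affiliation-period-end": today})  # action 2
    del ident.current[org]                                              # action 3
    ident.misses.pop(org, None)
    ident.mails_sent.append(f"Affiliation with {org} removed by the organization")  # action 4
    return bool(ident.login_names)


def daily_check(ident, org, idp_answer, today):
    """Process one daily attribute query result for one current affiliation."""
    if idp_answer != "no user found":
        ident.misses[org] = 0  # assumption: any other answer breaks the streak
        return "kept"
    ident.misses[org] = ident.misses.get(org, 0) + 1
    if ident.misses[org] < REMOVAL_THRESHOLD:
        return "kept"
    return "removed" if remove_affiliation(ident, org, today) else "removed, no login name left"


def simulate(ident, org, answers, start=date(2024, 1, 1)):
    """Feed one constructed IdP answer per day; stop once the affiliation is gone."""
    log = []
    for day, answer in enumerate(answers):
        if org not in ident.current:
            break
        log.append(daily_check(ident, org, answer, start + timedelta(days=day)))
    return log


if __name__ == "__main__":
    # Constructed data: alice also has a private address, bob only an organizational one.
    alice = Identity({"alice@example.org", "alice@uni.example"}, {"uni": ["alice@uni.example"]})
    bob = Identity({"bob@uni.example"}, {"uni": ["bob@uni.example"]})
    print(simulate(alice, "uni", ["no user found"] * 3 + ["found"] + ["no user found"] * 4))
    print(simulate(bob, "uni", ["no user found"] * 4))
```

In the first run the "found" answer on day 4 resets the count, so removal happens only after four further consecutive misses; the second run ends in the Note 2 state, where the identity has no login name left.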
Managing former affiliations
A former affiliation is automatically created whenever a current affiliation is deleted. The set of former affiliations of a user is the history of previously current affiliations.
Former affiliation management is only partially implemented so far. The following features are missing:
- Attributes of former affiliations can't be accessed by SPs.
- Former affiliations can't be created other than by deleting a current affiliation. In the future an API or import interface may be available to retroactively add former affiliations.
- The only way to delete a former affiliation is on user request via support.