Affiliation Removal

Current affiliations are entirely controlled by their organizations. SWITCH never proactively creates, updates or deletes current affiliations.

Triggers to remove a current affiliation

A current affiliation is immediately removed if

  • either the organization sends a DELETE request on the affiliations API (if the organization uses the attribute push method),
  • or a person is removed from the list of members in the Attribute Provider API (pull via AP-API).

For organizations that have not yet integrated edu-ID into their identity management processes, the validity of a current affiliation is checked daily by issuing an attribute query to the organizational IdP (pull via SAML). A current affiliation is removed if

  • the organizational IdP responds with a "no user found" on 4 consecutive days. After the 4th day, the current affiliation is removed.

Removing a current affiliation

The following actions are carried out when a current affiliation is removed:

  1. Organizational email addresses of the affiliation are removed from the list of possible login names.
  2. A former affiliation is created with a subset of personal data from the current affiliation. The internal attribute affiliation-period-end is set to the current date.
  3. The current affiliation is deleted. The user loses the related organizational membership state in the edu-ID identity. Services that require the organizational membership are no longer accessible by the user.
  4. An email is sent to the user informing them that the affiliation has been removed by the organization.

Note 1: A user may have multiple current affiliations. Removing one specific affiliation does not affect other current affiliations of the user.

Note 2: After step 1, the user might have no email address left in the edu-ID account. Without a valid email address the user has no login name. Therefore, the user can't access the account anymore. Upon user request, such an account can be reactivated in a manual edu-ID support process.
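The pull-via-SAML rule and removal steps 1 to 4, as an added example that is not SWITCH's code. The Account and Affiliation models, the function names and the sample addresses are assumptions made for illustration, and former affiliations carry only the organization and end date because the page does not list the retained attributes.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

REMOVAL_THRESHOLD = 4  # "no user found" on 4 consecutive days (from the page)

@dataclass
class Affiliation:          # hypothetical model, not the edu-ID schema
    org: str
    emails: set             # organizational email addresses of this affiliation
    misses: int = 0         # consecutive daily "no user found" responses

@dataclass
class Account:              # hypothetical model
    login_names: set        # email addresses usable as login names
    current: dict = field(default_factory=dict)  # org -> Affiliation
    former: list = field(default_factory=list)
    outbox: list = field(default_factory=list)   # stand-in for the notification email

def remove_affiliation(acct, org, today):
    """Apply removal steps 1-4; return True if a login name is left (Note 2)."""
    aff = acct.current[org]
    acct.login_names -= aff.emails                                     # step 1
    acct.former.append({"org": org, "affiliation-period-end": today})  # step 2
    del acct.current[org]                                              # step 3
    acct.outbox.append(f"affiliation with {org} removed by the organization")  # step 4
    return bool(acct.login_names)

def daily_check(acct, org, user_found, today):
    """Record one daily attribute-query result for one current affiliation."""
    aff = acct.current.get(org)
    if aff is None:
        return "absent"
    if user_found:
        aff.misses = 0      # reading of "consecutive": a positive answer restarts the count
        return "kept"
    aff.misses += 1
    if aff.misses < REMOVAL_THRESHOLD:
        return "kept"
    has_login = remove_affiliation(acct, org, today)
    return "removed" if has_login else "removed-no-login"

if __name__ == "__main__":
    # Constructed sample: the account's only address belongs to the organization.
    acct = Account(login_names={"b@uni-a.example"})
    acct.current["uni-a"] = Affiliation("uni-a", {"b@uni-a.example"})
    for i in range(4):
        print(daily_check(acct, "uni-a", False, date(2024, 1, 1) + timedelta(days=i)))
```

The "removed-no-login" result marks the Note 2 case, which is worth alerting on because the account can then only be recovered through the manual support process.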

Managing former affiliations

A former affiliation is automatically created whenever a current affiliation is deleted. The set of former affiliations of a user is the history of previously current affiliations.

Former affiliation management is only partially implemented so far. The following features are missing:

  • Attributes of former affiliations can't be accessed by SPs.
  • Former affiliations can't be created other than by deleting a current affiliation. In the future an API or import interface may be available to retroactively add former affiliations.
  • The only way to delete a former affiliation is on user request via support.