Slide

InAcademia for Merchants

Why you should be using InAcademia

When you’re looking to target the student and academic community in your online sales plan, sometimes you need to be certain that the users claiming offers, discounts and services are entitled to do so. InAcademia is ideally positioned to provide a simple but trustworthy validation of “student-ness” or other academic affiliation for exactly that purpose!

InAcademia provides a lightweight online service that taps into the world of federated academic identity, removing the need to incur manual processing overheads, which are expensive and create data privacy risks.

InAcademia is the real-time, digital equivalent of asking a student or academic to show you their university or student card in order to access or buy your services and products. Using InAcademia will mean that you no longer need to rely on university email addresses or to wait for prospective users to provide copies of identity cards or documentation before you can engage with them. It provides an efficient solution that minimises costs and manual processing.

InAcademia Availability

InAcademia is being used in live retail workflows in 13 countries (Austria, Denmark, Finland, France, Germany, Greenland, Iceland, Italy, Malta, Spain, Sweden, The Netherlands and Turkey) and is available across Europe - we're currently recruiting commercial use cases as launch partners in Czechia, Hungary and New Zealand, as well as other European countries.

Like its parent product, eduGAIN, InAcademia provides real-time validation of academic affiliation using trusted sources, but unlike eduGAIN it provides a single point of interaction for the merchant, particularly those that operate OpenID Connect clients, which acts as a gateway to academic identity providers using the InAcademia service, with the potential to reach a high proportion of academic institutions across Europe, and without the need to understand the technical nuances of each national identity federation.

So if you need a simple, authenticated and trustworthy validation of academic affiliation, InAcademia is the solution!

Benefits vs eduGAIN

The benefits of InAcademia in comparison to full federation membership are extensive:

  • InAcademia supports the principle of data minimisation: where other processes require merchants to request proof of academic affiliation that might expose additional personally identifiable information about the user, InAcademia requests only the attributes necessary to confirm academic affiliation, and does not share the attribute values received from IdPs with the merchant.
  • InAcademia is operated and governed by the European national identity federations, therefore, merchants using InAcademia have the benefit of the technology and experience without having to understand every aspect of the academic federated identity landscape.
  • InAcademia keeps in step with the various developments in policy and technology that would otherwise have to be understood and mitigated in-house by the merchant.
  • InAcademia directly supports OIDC clients (where the IdPs and eduGAIN protocol is typically SAML).
  • InAcademia responds to a merchant request for validation with pseudonymised identifiers, and strips out any superfluous PII returned by the IdP before returning an id_token to the client, meaning that it's a truly privacy-preserving route to using academic federated identities.
  • InAcademia handles error flows in a more predictable manner: native OIDC error flow combined with the heterogeneous nature of the eduGAIN landscape can be quite confusing. In comparison service providers have to understand and handle multiple error scenarios.
  • InAcademia logs key events and proactively works to resolve issues found with support of each national Federation.
  • Some federations operate an opt-in policy: if service providers were to rely on federation membership alone they would have to persuade on a 1:1 basis all institutions to opt into their SP, and would need to handle any technical idiosyncrasies of every institution.  InAcademia creates a 1:1 relationship (SP to InAcademia) instead of a 1:Many relationship (SP engaging with every Federation and Institution either to fix issues or to ensure IdPs opt in or don't filter).

Additional Features

Furthermore, merchants using InAcademia can benefit from a number of additional features:

  • InAcademia's IdP_hinting feature can assist merchants who are keen to reduce the number of clicks a student needs to make in validating a sale or registration process using federated identities, and can also be used in restricting services to use cases in specified countries, or even to a subset of specific institutions. In practice, this makes it possible for merchants to map their own database of targeted institutions directly to the authentication process, thereby skipping the part that asks users to find their institution. Using this element of the InAcademia service as designed has the added benefit that whenever an institution changes the technical infrastructure on which eduGAIN relies to validate a user, for example, when the name of the institution changes, InAcademia will inherit the changes in a way that doesn't disrupt the merchant's validation process, a problem that sometimes impacts services that use federated identities directly.
  • The re_use detection feature makes it possible for the merchant to include the ‘reuse_detection’ claim in its OIDC request, that will elicit a response from the InAcademia service containing a pseudonymised hash of any supported persistent identifiers (provided they are received from the IdP) as a series of values that merchants permitted to use the persistent flow can utilise in order to recognise a returning user.
  • Please note: the InAcademia Service makes no attempt to create a relationship with users/students; its operators are in no way responsible or obligated to the end user for any aspect of the products/services subject to the purchase.  InAcademia does not act as an agent for the student, merchant, institution or identity federation, and the identity validation process is a non-linear diversion that does not relate to the sale itself.

    Underlying Technology

    Merchants connect to InAcademia using the widely adopted OIDC protocol. InAcademia provides a uniform technical experience for merchants and presents a familiar single-sign-on user interface to users. InAcademia interacts with the heterogeneous, largely SAML-based landscape of R&E Identity Federations and academic Identity Providers in the background, thus hiding all the complexity that is inherent in the varying policies of federation and identity provider solutions.

    InAcademia's enhanced error-handling capabilities improve significantly on the native OIDC errors, making it much easier for merchants to determine the ongoing workflow for the result of all validation requests.

    For more technical information on how to implement InAcademia click here

    Have a Question?

    Check out the Frequently Asked Questions section
    Skip to content