How to do the basic steps in Helmholtz AAI

In a decentralized, networked model of cloud services known as federated cloud, the federated Authentication and Authorization Infrastructure (Helmholtz AAI) plays a crucial role. Proper usage of this system requires a few key steps and some foundational knowledge to avoid common pitfalls.

See here how to do the most important steps:

• A) As a user: How to log in to cloud services
• B) As a user being invited to a group: How to join a group (VO)
• C) As a group leader/PI: How to create and manage a group (VO)

In all cases: If anything breaks, check FAQ, or contact us.

---

A) As a user: How to log in to cloud services

1. Go to a service page, e.g. listed in Cloud Portal
2. Click on Log in Button.
   • Never log in directly on the service page.
   • Instead, search for “Helmholtz ID” / “Helmholtz AAI”.
3. Search for your institution, or alternatively ORCID, Google, Github if that suits you more.
4. Log in with your normal username, password etc
5. If it’s your first time, accept usage conditions, etc.; accept data transfers.
6. You should end up in the service and see your content.

---

B) As a user being invited to a group: How to join a group (VO)

1. In order to join a group (“virtual organisation”, VO), you should have received a mail from Helmholtz AAI with a link. That mail has been triggered by your group manager (step C below).
2. Click the link.
3. Log in as described above (section A).
   • Wait for invitation page to load. This can take several minutes; don’t close or reload the tab. We’re working on it.
4. Accept VO Policies and enter the group.
5. Optional: You can check your group membership(s) anytime at https://login.helmholtz.de/home/. After the previous steps, the desired group should appear here.
6. To make the new group membership have effect, e.g. gaining access to group’s data and resources, you need to log in anew to that service. That is:
   • If you’re logged in to the service already, log out.
   • If the service is in DESY (e.g. dCache), also log out from DESY’s Login portal Keycloak.
   • Log in to the service again.
7. You should see the content belonging to your new group.

---

C) As a group leader/PI: How to create and manage a group (VO)

1. For your group, you may need a so-called “virtual organisation” (VO), if you
   • want to manage multiple users, in hierarchical groups, for multiple services, and/or
   • want to include users outside of Helmholtz.
2. If so, apply for a new group as described here.
3. Once granted: invite your users, optionally manage subgroups and delegate responsibilities, as described here.
   • Wait for invitations to be sent. This can take several minutes; don’t close or reload the tab. We’re working on it.
4. Point your users to this page, step B for basic How-to.