Welcome!
Included, you will see an introduction page, followed by the overview of your guest network and/or your authentication service, depending upon the service provided by your institution.
- Institutions acting as a Service Provider offer a guest network allowing visitors to access the wifi/network on their premises. Their report include the Service Provider overview.
- Institutions providing credentials (login/password) to their users, allowing them to be remotely authenticated while visiting eduroam locations are presented with the Identity Provider panels.
- Institutions offering both guest network and authentication service have access to the overview of each service: the Service Provider (SP) and the Identity Provider (IdP) overviews.
Introduction page

(1) Each device successfully authenticated, identified from username and hardware address, counted once.
(2) Details about the balance between your accepted and rejected requests are available on the following pages.
Service Overview (4 pages)
The request graph page
(2) To ensure readability, the display and frequency are adjusted to the time period. For reports generated for a time period greater than 2 months, the overview of accepted/rejected requests over time uses a full week interval per bar (including the full weeks of the period start date and end date).
- Unfederated Realm: the realm format of the username/login (user@realm) targets the US eduroam federation (.edu), but there is no peer associated to this realm. Potential underlying reasons include typos, no longer supported realm and missing configuration/exception on the Top Level Servers.
- Empty Realm: the realm part of the username is empty. The requests can't be associated to an Identity Provider. Service Providers should filter/discard such requests to reduce traffic and number of rejects.
- Domain Loop: the request has been preempted to avoid a loop between servers. A common case involves a misconfiguration of an SP/IdP institution, forwarding requests to the Top Level Servers for a realm/sub-realm for which it provides authentication. Such peers must correct their configuration to avoid this behavior.
- No Response: the Top Level Server did not receive a response from the Identity Provider server before reaching a timeout.
-
Invalid Character: the username contains invalid characters such as newline or tabulation.
-
Non-EAP: the data exchange configuration does not comply with the EAP (Extensible Authentication Protocol) standard, which is required for eduroam authentication.
-
Rate Limiting: some requests have been dropped as a preventive step to avoid an overload of the servers.
-
Disabled ANYROAM: the request is associated with ANYROAM (non eduroam) credentials not allowed by the Service Provider. Such requests are only accepted at campuses where ANYROAM is enabled.
-
Other: all other types of rejected requests. For most of these requests, the "Reason" field inherent to the reject has been filled with a customized message by the Identity Provider server or has been left empty. In the later case the message "Proxied" is added by the Top Level Radius servers.
The device graph page
The United States location page
This page shows the destination/origin of your users/visitors on United States soil.
(1) Each US institution coordinates (for origins as well as destinations) are set as the coordinates of the institution's "Primary Organization Location". Administrators can update this attribute on the institution page, under Edit->Miscellaneous Information.
The world data page
The world data page offers a map and a list showing the different countries of origin (or destination) of your visitors (or users).