====== Login process ======

The following picture displays the sequence of steps that are made when a user accessed service connected to the ProxyIdP.

 
{{:en:index:documentation:user:fed_log.png?600|}}


  - User navigates to the webpage of the service he/she wants to use.
  - The service will require a user to log in. The login button is initiated by the user via clicking the login button or happens automatically.
  - Login request is sent from the service to the ProxyIdP. It redirects the user to the page where he/she can select external account associated with the AAI account.
  - The user lands on the Discovery Service. This page lets the user select account with which he/she wants to log in.
  - After selecting the entity, the user is redirected to the page of selected entity (i.e. organization website). User enters his/her personal credentials and performs login.
  - User has now successfully authenticated at the selected entity. This login results in a set of attributes (i.e. Name and email) associated with the user being transferred to the ProxyIdP.
  - At this point, IAM (identity and access management) system - Perun, provides additional information (i.e. preferred language) associated with the user.
  - ProxyIdP transfer all the attributes service has requested back to it. Service recognizes the user as logged in. User can now use the service.