Access/Service Provider (SP)
Participating universities typically broadcast an SSID called 'eduroam' on their Access Points/Hotspots. The underlying WLAN needs to be WPA2/3-Enterprise with IEEE 802.1X authentication. Most modern network equipement does support these requirements.
Classic Service Provider
This is the typical use case. Institutions tell their network controller to configure the 'eduroam' SSID on all attached access points. The controller itself is then connected either to their IdP or directly to the national proxies (FTLR).
Managed SP (MPS)
Service State: Pilot
For ad-hoc installations (Conferences, Hotels, Home Office), the 'Managed SP' service allows to configure a WPA2-Enterprise WLAN without the need to operate a RADIUS server for authentication. The service provides a redudant RADIUS infrastructure that can be referenced on the access point/network controller. Authentication requests on these access points will then be send to the MPS RADIUS servers from where they are forwarded to the respective IdP.
With the recent increase in remote work, having an eduroam SP at home that can be used for testing and debugging turns out to be quite useful for eduroam operators. It additionally has thenice side effect that you can provide your kids, guests, neighbours with a valid eduroam login a secure wireless access that needs no setup.