SWITCH Identity Blog

The Identity Blog puts the spotlight on identity management, digital identities, identifiers, attributes, authentication and access management.

Semester starts at UNIFR with SWITCH edu-ID

The University of Fribourg (UNIFR) has also been working with SWITCH edu-ID since 28 January 2020.

Do not let yourself be locked out!

With a targeted campaign, the University of Fribourg persuaded around 90% of its users to link their accounts before switching over to SWITCH edu-ID:

 

Poster and website campaign / Number of linked accounts and times of email dispatch


The splash screen used in Moodle has probably also contributed significantly to this success:

Due to these measures, there should be no rush of support at the beginning of the semester and the changeover should therefore be completed.
The users were guided through the linking process in 3 steps. Fist they registered with their university account on the myunifr.ch portal. There they receive a confirmation if their university account is already linked to an edu-ID account:

If necessary, a SWITCH edu-ID account should be created in the second step. Then, in the third step, UNIFR and edu-ID accounts are linked. The text instructions are supplemented by a picture and video guide.

Once the university has switched to edu-ID, all that is required for linking is to register on UNIFR’s internal linking service – first with the university account (on myunifr.ch) and then with the edu-ID account. Since updates work according to the Attribute Pull method, it can take up to two hours before access to services after linking works – a circumstance that needs to be made clear to users who are used to everything working immediately after an action.

All members of UNIFR who use federated services must link after their university account has been created (Linking-after-admission).

No end to local authentication

Not all services are accessible via SWITCH edu-ID. This is partly for technical reasons, and partly because various services are reserved exclusively for members of the university and are therefore not federated.
At https://www.unifr.ch/go/eduid you can see which account is to be used where. The user interface also clearly shows which login is to be used (left local login window, right SWITCH edu-ID login window):

With Moodle, it is even possible to log in with a local account, SWITCH edu-ID, external account or as a guest.

The registration for students remained largely unaffected by the changeover. For students, the UNIFR account will also be created first – only then will the linking take place.

Central functions with new Campus Management System

The University of Fribourg began planning to switch over to SWITCH edu-ID in early 2017 – in parallel with the commissioning of key components of its new Campus Management System. This made it possible to incorporate the processes that change with SWITCH edu-ID. The central system for user administration simplified the changeover.
Stéphane Recrosio, Jacques Tissot, Matthieu Rosset, Nicolas Rouiller and Jacques Monnard clarified Campus Management System, IdP, API and service issues step by step, and thus also helped to set up the technical checklist which is used to guide universities through the migration process.
Visualizations were created for the planning process to help understand important system components and processes.

The replacement of the Shibboleth IdP by functions of the Campus Management System and implications were clarified and also graphically presented. Process diagrams have proved to be very useful at other universities too and serve as a basis for the subsequent detailed planning, where all cases of the different user groups are recorded and described. After implementation, the process diagrams can also be used as a basis for testing the various use cases.

Comments are closed.