SWITCH Identity Blog

The Identity Blog puts the spotlight on identity management, digital identities, identifiers, attributes, authentication and access management.

The Right Way to Create an Account

Like described in the blog post Sending Users on the Right Path, it sometimes is in everybody’s interest to guide end-users on a certain path to achieve a goal. Such helpful nudges are also used during account creation when end-users choose how to create their SWITCH edu-ID account.

During account creation end users are confronted with a choice to create their account with an AAI account or without one:

Create edu-ID account with or without AAI

From the end-user’s, the organisation’s and from edu-ID’s point of view, the best option typically is to create an edu-ID account with an existing organisation AAI account. The account data is then of better (verified) quality, the edu-ID linking becomes easier and the end-user typically can access more services by having an organisation identity. Therefore, the edu-ID account creation page by default shows a hint when a user tries to create an account without AAI while providing an e-mail address of an AAI organisation:

Hint when trying to create an edu-ID account with an AAI organisation e-mail address

Nevertheless, sometimes end users are not aware that they have an AAI account or they are confused by these two options. If they then create an edu-ID account without AAI, they often lack privileges which are required to access certain university related services or that they would benefit from (e.g. on swisscovery).

On the other hand, there are universities whose edu-ID linking process requires end-users to create an edu-ID account without AAI. When creating an edu-ID account without AAI, one has to provide an e-Mail address. In these cases it is preferrable to provide a non-university e-mail address, i.e. a private e-mail address. Having a private e-mail address associated with an edu-ID account ensures that the account can be used also once a student finished her studies or a staff member left an organisation. In these cases the organisation e-mail address is automatically removed by edu-ID.

To require end-users to provide a private e-mail address during non-AAI account creation, University of Lausanne requested that the account creation page should not accept e-mail addresses ending in unil.ch. Therefore, we implemented this feature on their request like shown below.

Error message in case @unil.ch e-mail address is provided.

With this blog post we would also make aware other organisations of this feature as it would be beneficial for some other organisations as well. The feature can be enabled on request to the edu-ID team by domain name (e.g. ‘ethz.ch’, ‘fhnw.ch’) used in e-mail addresses. Organisations can also provide a text in four languages that should be shown in case a user tries to create an edu-ID account with an organisaton e-mail address.

Author: Lukas Hämmerle

I'm a member of the SWITCHaai team and the SWITCH edu-ID team.

Comments are closed.