SWITCH Identity Blog

The Identity Blog puts the spotlight on identity management, digital identities, identifiers, attributes, authentication and access management.

Three phase adoption at UNIL


Christopher Greiner, service coordinator, UNIL IT:

It has been two months since our move to edu-ID; here is a recap of our trials and tribulations in switching identity provider.

The University of Lausanne (UNIL) successfully migrated to SWITCH edu-ID on the 10th of February 2021.

We had been preparing for this migration for quite a long time: we first heard about the Swiss edu-ID project back in early 2014. Our university had been one of the early adopters of SWITCH AAI, and quite heavy users of the service, so we were very interested in hearing what SWITCH had in store for the future of this digital identity; we decided to take part in the workshops organised by SWITCH, thinking that the earlier we were involved, the easier it would be for us to find solutions specific to our university’s needs.

Figure 1: Poster for the edu-ID migration

The migration happened in three phases, and throughout these, we were having regular meetings with SWITCH, who were extremely helpful, and flexible with our multiple requests, even finding solutions for very UNIL-specific use cases.

Firstly, we had to convince people why this migration was necessary. This took a few presentations to our management and colleagues to explain what was happening, why it was important and more importantly, what the consequences were for them and their services. A change of leadership at the end of 2018 in our IT department meant this took a bit more time than expected!

Secondly, on the technical side of things, we first had to review our various existing onboarding and identity management processes, to find where to insert the new processes needed to link our UNIL accounts with edu-ID.
Once we decided where the various bricks would be added, we had to develop the linking service and adapt our identity management system to do the magic.

Our linking service went live in early August of 2020, in time for the new wave of students enrolling in the fall semester. This generated a few questions from both new students and our helpdesk, and required some tweaks and adaptations, but the launch went largely smoothly.

In the weeks before the changeover, SWITCH provided us with checklists which were very useful, enabling us to feel confident we had not forgotten anything. SWITCH also supported us with some specific, technical help regarding certain AAI services we had configured bilaterally. Some of these had to have their configuration adapted so we could add it to the resource registry.

Thirdly, and most importantly, we had to get our users to create their edu-ID and link it.
The main challenge we could see was explaining the project to our users as well as communicating which services would be using their edu-ID account, and which services would continue using their UNIL account.

We gave ourselves just under 6 months to get our users to do their part of the work. We took care of the linking for our users who were already using SWITCHdrive.
For the remaining population, we

  • sent a number of emails, set up a blog dedicated to the edu-ID migration,
  • put up posters in strategic areas of the campus,
  • added messages to our portal and our then AAI login pages reminding people what they had to do.

By the end of the process, we were sending out weekly reminders to the users who had yet to link their account.

On flag day, roughly 75% of our users had correctly linked their accounts.

Illustration 1: Linking stats for UNIL

When SWITCH pulled the trigger, the changeover happened extremely smoothly, with no issues of note, and very few questions for our helpdesk.

In summary, if we had to do it again, we would reconsider automatically linking our SWITCHdrive users: this generated the majority of the post-migration questions as these users had forgotten they already had an edu-ID (despite us sending them a specifically tailored email) so many of them created duplicates and did not understand why they couldn’t log onto our services using this second, unlinked edu-ID account. As with our other users, we should have asked them to link their identities themselves.

We were well prepared for the migration, which went very well. The most important aspect was communicating the changes to our large user base (over 30’000 accounts).
A certain global pandemic threw a spanner in the works which meant we had to change certain strategies and slightly delayed the migration.

Again, we would like to reiterate our thanks to SWITCH for their help and guidance throughout this migration.