New simplified edu-ID integration for organizations available now

The integration of the edu-ID previously required the implementation of two small software components on the university side:

    1. the linking service with which the edu-ID account of a person is linked to the internal account at the university,
    2. and the attribute synchronization with which the university manages the affiliations in the edu-ID accounts.

A new integration method is now available that does not require the development and operation of software at the university.

The new integration method is based on the idea that a university member can be identified by their organization email address.

From a user’s point of view, the process is as follows:

    1. The person creates an edu-ID account (if she doesn’t already have one).
    2. The person goes to the account management on https://eduid.ch.
    3. The person adds her personal university email address.
    4. Like every newly added email address, this one also has to be confirmed by the person. The edu-ID system sends a confirmation link by email, which the person has to click.

Et voilà – the linking is completed!

Behind the scenes, here’s what happens.

The edu-ID account management keeps a list of email domain names for all organizations that use the email-based linking method. If a newly added email address matches one of these domain names, the associated university is determined. In the next step, edu-ID queries the Attribute Provider API for a user with that email address. If a user is found, an affiliation is added to the edu-ID account.

So the creation of the affiliation takes place immediately.

From then on, the edu-ID’s attribute aggregator will query the organization’s affiliation API daily to update or remove any affiliations.
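
The flow described above, sketched as an added example (not SWITCH's code and not part of the original post). The sample domain, all function names, the in-memory stand-in for the Attribute Provider API, and the exact-match and lowercasing rules are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data (assumptions): the list of linking domains kept by the
# account management, and an in-memory stand-in for the Attribute Provider API.
LINKING_DOMAINS = {"uni-example.ch": "uni-example"}
AP_DIRECTORY = {"uni-example": {"anna.muster@uni-example.ch": "staff"}}

@dataclass
class Account:
    emails: dict = field(default_factory=dict)        # address -> confirmed?
    affiliations: dict = field(default_factory=dict)  # org -> (address, affiliation)

def normalize(address):
    """Lowercase the address (assumption) and split off its domain."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not (sep and local and domain):
        raise ValueError("not an email address")
    return f"{local}@{domain}", domain

def ap_lookup(org, address):
    """Hypothetical stand-in for the AP-API query for a user by email address."""
    return AP_DIRECTORY.get(org, {}).get(address)

def add_email(account, address):
    """A newly added address starts unconfirmed and creates no affiliation."""
    account.emails.setdefault(normalize(address)[0], False)

def confirm_email(account, address):
    """Run when the confirmation link is clicked; returns the linked org or None."""
    address, domain = normalize(address)
    if address not in account.emails:
        raise ValueError("address was never added to this account")
    account.emails[address] = True
    org = LINKING_DOMAINS.get(domain)  # exact match: subdomains and lookalikes do not link
    affiliation = ap_lookup(org, address) if org else None
    if affiliation is None:
        return None
    account.affiliations[org] = (address, affiliation)
    return org

def daily_sync(account):
    """Daily aggregator pass: re-query each linked org, then update or remove."""
    for org, (address, _) in list(account.affiliations.items()):
        affiliation = ap_lookup(org, address)
        if affiliation is None:
            del account.affiliations[org]
        else:
            account.affiliations[org] = (address, affiliation)
```

The affiliation depends on two independent checks: control of the mailbox (the confirmation link) and a matching record at the organization, so an address on a lookalike domain or one unknown to the directory yields no affiliation.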

The innovations are twofold. First, there is the new email-based linking method. This linking method is always operated by SWITCH in the edu-ID account management.

Second, the Attribute Provider API has been extended so that it can be operated entirely by SWITCH. If SWITCH is to host the AP-API, read-only access to the university’s directory is required. If the university does not want to grant direct access to the directory for regulatory reasons, it can also operate the AP-API itself.

This exciting new integration method has been implemented in tight collaboration with SFUVET and is now available to all interested organizations.
