SWITCH Identity Blog

The Identity Blog puts the spotlight on identity management, digital identities, identifiers, attributes, authentication and access management.


ZHdK starts the year 2020 with SWITCH edu-ID

Right at the start of the year on 8 January 2020, the Zurich University of the Arts (ZHdK) switched over to SWITCH edu-ID.

Smooth changeover thanks to good preparation and a high ‘linking’ success rate

Technically, everything was threaded perfectly and the changeover of the IdP went off without a hitch. After initialization and planning in 2018, the work could be started at the beginning of 2019 with the development of the connector, followed by the setup of the linking service and the migration of the IdP. The fact that everything went so smoothly was partly due to the fact that a large number of users had linked their accounts in time for the migration:

Target group Target value
Success rate
Students 60 % 67.4 %
Lecturers 60 % 68.5 %
Midlevel faculty 70 % 83.1 %
Staff 70 % 79.1 %
Externes 0 % 5.3 %

The communication measures were very successful with all target groups.
These consisted of a post in the Rectorate newsletter, a poster at the helpdesk, multiple e-mails sent to people without a linked account (maximum of three follow-ups and a final e-mail to users of the three most frequently used services), a message in the Rectorate newsletter shortly before the changeover, and detailed instructions on how to create and link the edu-ID account. E-mails were sent to the different groups of people in a staggered manner. This meant that support before and after the changeover to SWITCH edu-ID was uncomplicated and that the work involved was predictable and manageable.

Continue reading


ZHAW has switched to edu-ID – with around 20,000 people!

The Zurich University of Applied Sciences (ZHAW) is using SWITCH edu-ID as replacement for the former AAI accounts and IdP since October 18. With currently around 20,000 persons with ZHAW affiliation, it is the largest university to date to use edu-ID.

Planning and reality

The ZHAW is one of the “Early Bird” universities that have already started planning the transition in 2017. The ZHAW coined the term “script cemetery” – a term for IdM processes that are based on many scripts difficult to maintain. The university therefore decided to replace its existing IdM. The edu-ID planning was part of this redesign project. Right from the start, the project manager succeeded in bringing all relevant stakeholders together at one table and also involving the departments where necessary, so that the migration plan was available in February 2018.
Continue reading


Applying for Medical School using SWITCH edu-ID

Anyone wishing to begin studying human medicine, dentistry, veterinary medicine or chiropractic must register online with swissuniversities.

Since this year, authentication is exclusively done with SWITCH edu-ID on the Medon registration platform. Thus Medon uses a unique feature that was introduced with edu-ID in the Swiss AAI federation: anyone can create an edu-ID account and use it in the context of academic services.

Continue reading


eduroam goes edu-ID

eduroam.ch launch, with cake

eduroam is the well known and widely used, worldwide high-performance wifi access service from GÉANT. Eduroam profiles for a large variety of end user devices are now also available on the eduroam.ch portal.

Today, on 1st December 2019, the eduroam.ch service enters its pilot phase. Within the four months to come, SWITCH will find out whether this enduser-friendly service actually responds to a need of the Universities or not. eduroam.ch uses your SWITCH edu-ID for authentication, and lets you download a profile for each of your devices in a user-friendly way. These profiles are somewhat special in that they solve a typical BYOD problem. Today’s profiles obtained by eduroam.ch won’t connect you to inner V-LANs, but only to a generic or “guest” V-LAN, as on any other Campus.

Two Universities joined the pilot already right at the beginning. Others, as well as further organisations like e.g. Alumni associations, may join during the whole pilot phase until 31. March 2020. Participation in the pilot is free, and Universities can use this service in parallel to their specific existing eduroam profiles and infrastructure.

Organisation wanting to join, contact us at eduroam-support@switch.ch. The same contact point answers also all further questions you may have about the service.


150’000 edu-ID accounts!

Less than 8 months after reaching 100’000 accounts, the SWITCH edu-ID can already celebrate its 150’000st account! Of course, we got a cake (again!) and of course, we took a picture (again!). Around the start of the semester in September, we have seen days where more than 1000 persons registered their SWITCH edu-ID!


Secrets of the edu-ID passwords

Since a few months now, edu-ID users  can secure their account with multi-factor authentication (Two-Step Login). However, currently 99.5% of all edu-ID accounts still rely exclusively on username and password authentication. It is unlikely to quickly change soon in the near future, despite the death of the password has been announced time and time again. The password remains the easiest, best known and – in many cases – the cheapest authentication solution. Therefore, the edu-ID team invests a lot of effort into assisting users to choose a strong password and to store it securely. Continue reading


University of St. Gallen has adopted SWITCH edu-ID

On July 17 2019, the University of St. Gallen and SWITCH have flipped the switch.
From now on, members of the university will use SWITCH edu-ID accounts to access federated services.
Armin Schibli, Thomas Köppel and Thomas Mesaros drove the project forward and ensured the successful implementation in St. Gallen.

One of the early birds

The University of St Gallen was one of the first planning phase participants in 2017 and therefore, ready to start planning at a time when not all components of the SWITCH edu-ID service were available and no clear paths for adoption had been defined.
Nevertheless, the IT team was ready to accept the challenge and held intensive discussions with SWITCH and the local stakeholders to find the best suitable way to adopt SWITCH edu-ID. The result was what we internally call “the St. Galler model”.

Continue reading


NOT for university members only

FHNW e-media offering for teachers uses Shared Attribute API

In principle open

Openness is one of the promises made by SWITCH edu-ID. In recent years, universities have increasingly opened up to additional user groups such as continuing education students or MOOC participants. Cooperation with external parties is becoming increasingly important overall, be it with other universities, research institutions or partners from the private sector. Academic institutions are expanding their offerings, and not every person who makes use of university services has to become an official member of the university.

But that’s why you let everyone in?

However, most service providers do not simply want to blindly trust a self-declared identity that users bring with them (i.e. a “naked” edu-ID).
There are many reasons why one wants to protect applications and content from unauthorized access, e.g. to prevent data theft or manipulation or to comply with data protection or license regulations. And if abuse has taken place despite all precautions, one wants to be able to find out who one can hold liable for damages. Of course, this can be difficult with unchecked identities, even if the majority of users behave correctly and have provided the correct personal data for their digital identity. So is this a reason not to trust edu-ID identities?
Continue reading


Multi-Factor Authentication Reinforced

Since December 2018 the edu-ID login has supported multi-factor authentication in form of a two-step login that relies on SMS codes. However, receiving one-time SMS codes requires a mobile phone. Not all users want to add a mobile phone number to their edu-ID account. Furthermore, SMS messages generally cannot be securely sent. There is always the risk that somebody else intercepts SMS messages. Some edu-ID users also want to use multi-factor authentication for all their edu-ID logins but without entering a one-time code several times per day.
To address the above issues reported by the community, we extended the edu-ID two-step login in the following three areas…

Continue reading


Trust & Identity WG Meeting / SWITCH edu-ID Update Event 2019

SWITCH invites you on Wed, 15 May 2019 to the 2nd Trust & Identity WG Meeting combined with the SWITCH edu-ID Update Event in Berne.

Registration is open until Tue, 7. May 2019 and required for logistical reasons.
Refer to the registration page for the draft agenda and schedule.

A longer section of the event is dedicated to SWITCH edu-ID. The heads of IT of University of Lucerne and Distance University will talk about their adoption experience.

Administrators of either an Identity Provider or Service Provider registered in SWITCHaai as well as the SWITCHpki registration authority operators and all persons involved in (future) planning and adoption of SWITCH edu-ID are invited to participate.


What’s the SWITCH Trust & Identity WG?
The SWITCH Trust & Identity WG comprises representatives of all SWITCHaai Participants and SWITCHpki Participants in the SWITCH Community and the Extended SWITCH Community.
This group is informally involved with the further development of SWITCHaai/edu-ID and SWITCHpki and has the opportunity to provide feedback if there are questions or changes upcoming.


Switzerland’s E-ID Law clears further hurdles

Creating a new law is a long journey. We already featured several “making of” stages of the Swiss E-ID Law and the contributions of SWITCH in our E-ID category: consultation of an E-ID Concept in 2015, consultation of an early draft E-ID Law in 2017, publication of proposed law in 2018.

Another hurdle was recently cleared with the National Council approving the proposed law with relatively minor changes in March 2019 (for the interested: this business is referenced under 18.049). A minority wanted to change to government-issued Electronic Identities (eIDs), but the proposed market model was upheld.
Next step is the debate in the Commission of Legal Affairs of the Council of States in April 2019. In the absence of major changes, the law can be put in force in 2021.

Continue reading


Distance University too uses now edu-ID

On 6 March 2019, Distance University became the second university to switch to SWITCH edu-ID for authentication and access to its services. Here is an extract from their experience:

IT as a driving force

The project was primarily carried out by the IT department – supported by Marketing. All information had to be written in German and French. Student managers, who act as the first contact persons for teachers and students, were trained in advance by IT.

It took about 1.5 years from the initial discussions with SWITCH to the completion of the project. Distance University IT spent in total one man-month developing and testing the technical implementation. In addition, project management and communication were particularly time-consuming.

Information campaign as key

The Distance University launched an information campaign in the summer of 2018, thus persuading 75% of the university members to create an edu-ID account. The scenario “Linking before day X” was used for current users. The creation/linking of the account was simple and user acceptance correspondingly high.
Continue reading


100’000 edu-ID accounts!

644A8544-mit-Rolf

In the late evening of February 25th, a prospect student registered at ZHAW and thus created a personal SWITCH edu-ID account. This account turned out to be number 100’000 !

The SWITCH edu-ID team is very happy to see an increasing uptake of this new service. It is user-centric and centrally managed. It is assisting the universities and their IT departments in their daily work.

On every day in the past few months, about 200 new edu-ID accounts have been created on average. About 40% of the users actually link their edu-ID with their AAI account provided by university.

Btw: the prospect student has not yet responded to our call, so we couldn’t share this cake with her yet.


University of Lucerne – the edu-ID Pioneer!

On February 1st 2019 the University of Lucerne has made a big step. It is the first university that has completely switched over to the SWITCH edu-ID. All their roughly 4000 members use now their own secure, long-lived and user-centric SWITCH edu-ID account to access services relevant to the Swiss academic community.

The introduction of the edu-ID heralds a paradigm change in identity management for Swiss higher education. Users are getting more control over their personal data whereas universities can optimize their identity management processes. Fortunately, despite the fundamental architectural change, the impact on users is moderate.

“The migration to SWITCH edu-ID on 1 February 2019 went smoothly. Smaller problems after the migration were solved very quickly by SWITCH. Despite some obstacles in the course of the project, SWITCH provided us with competent support and assistance at all times.”
Marco Antonini, Head of IT

The first preliminary talks between University of Lucerne and SWITCH on edu-ID were held in September 2017. The idea behind the SWITCH edu-ID and, above all, the opportunities it offers in the future convinced the university right from the start. So they decided to change over relatively early. An important prerequisite, central user administration, was already in place, so that the concrete planning could be started.

As integration approach linking at registration was chosen for new students, and linking after admission for current members and future staff. With the integration of edu-ID in the organisational IT and the equipment of all members with an edu-ID identity the university has reached an important milestone. In a second step, further groups will be adressed namely alumni, auditors and further education students.

As the first organisation that completely changes over to SWITCH edu-ID, the university of Lucerne writes history. It can be rightfully proud of this achievement!


Technical Accounts

“Thou shalt not have more than one SWITCH edu-ID user account!” this is one of the commandments in the edu-ID terms of use. It originates from a need of the organizations to be able to unambiguously assign an edu-ID account to one person. But what can an organization or service operator do if it needs a special edu-ID account, e.g. for testing?

Continue reading