Administration Portal

SWITCH provides a web-based administration portal for organisations. Its purpose is to:

  • review the most important statistics, status information about their organisation in the context of edu-ID
  • inspect or temporarily disable organisation affiliations of edu-ID users
  • create and manage technical edu-ID accounts
  • review changes performed by fellow administrators on their users
  • review and manage security, emergency and generic edu-ID service contacts for their own organisation

Roles

On edu-ID there exists four roles:

  • edu-ID administrators: This role is assigned only to selected staff members of SWITCH who are responsible for the operation of SWITCH edu-ID. Users with this role can perfom all actions that the other roles can perform.
  • organisation administrators: Can perform actions on affiliations of organisations that they administrate. Have read-only access on the user's self-managed basic identity. Cannot view data of affiliations from other organisations for which they are have no administrative privileges. Can review the daily data quality report of the organisation's affiliations. Can add or remove organisation administrator or support staff roles to edu-ID users.
  • support staff: Can perform a subset of tasks of the organisation administrator role to help resolving support issues for their own organisation.
  • user: Can manage own basic identity data and view own affiliation data.

Users can only be either organisation administrators or support staff for an organisation. However, a user can be organisation administrator or support staff of multiple organisations.

Get access

The organisation administration portal can be accessed by edu-ID administrators, organisation administrators and support staff. It is available at:

https://eduid.ch/web/organisation-administrator/

It requires a two-step (MFA) login with an edu-ID account.

Grant access

The first organisation administrator roles of an organisation are assigned by SWITCH edu-ID staff. The organisation administrators then have granting privileges for their own organisation. They can appoint additional or remove existing organisation administrators and support staff for their organisation. Support staff has no granting privileges.

adminportal-grant-access

 

To grant access, a portal administrator has to switch on "additional actions" and enable/disable the support or administration rights for a person.

On request SWITCH edu-ID staff can appoint edu-ID users to become organisation administrators or support staff even though the users to appoint don't have a current affiliation with the organisation to administer. This comes with the risk that such users may keep their role even though they would not need it anymore.

Restrictions

The administation portal has the following restrictions:

  • The search function is limited to reveal users who have an affiliation with the current administrated organisation.
  • The identity data of an edu-ID user account can be inspected but not changed. Affiliation data changes have to be done via the normal affiliation update mechanism. Basic identity data is managed by users on their own or - in rare cases - by edu-ID administrators.
  • Organisation administrators and support staff can only inspect or modify affiliations of users affiliated with the administrated organisation. Data of other affiliations cannot be inspected.
  • Currently, affiliations can only be deactivated, reactivated or removed.

Extensions

In general, the SWITCH edu-ID team is open to requests and wishes when it comes to extend the administration interface. If you – as organisation administrator or support staff – miss a specific feature, please let us know via an e-mail to eduid@switch.ch.