Getting Started: Setting up an edu-ID Service

1. Contractual Preparation

Before you integrate an application into the SWITCHaai federation, your organization must become a "federation partner".

2. Protocol Choice

SWITCH edu-ID is a service offering in the SWITCHaai federation. Currently edu-ID supports the SAML and OpenID Connect protocols.


The instructions to set up a service for SAML can be found here:

Setting up a SAML Service

OpenID Connect (OIDC) is a new edu-ID service. Its functionality is limited compared to SAML, but it will be continuously extended in the future:

Setting up an OIDC Service

3. Attribute Model Choice

SWITCH edu-ID offers a very comprehensive data model in different variants.

classic attribute model
  Description: To access a service, a user chooses the home organization in the discovery service ("where are you from?"). The service receives an attribute assertion from the selected home organization. The assertion is compatible with traditional SWITCHaai assertions.
  SAML: configure intended audience without private identities
  OIDC: (not supported)

edu-ID only classic
  Description: To access a service, the user directly authenticates (without choosing a home organization). The service receives an attribute assertion of the user's private identity, independent of any organizational affiliation.
  SAML: configure intended audience exclusively private identities
  OIDC: require scopes profile, email or swissEduIDBase

extended attribute model light
  Description: Like edu-ID only classic. The service can determine organizational roles and email addresses by evaluating swissEduIDLinked* attributes.
  SAML: require attributes swissEduIDLinked*
  OIDC: require scope swissEduIDExtended

extended attribute model
  Description: Like extended attribute model light. Additional organizational affiliation attributes are fetched via affiliation API.
  Get additional attributes via affiliation API with read-only permissions.

4. Advanced Service Configuration

Options to enhance the service quality, usability or security