Phase 1: Concept and planning

What?

Pre-project to elaborate an organisation-specific integration plan for SWITCH edu-ID: Goals, benefits, risks, selected approach, time and resource planning, steps and measures.

Who?

Members of the organisation's central IT (responsible for IdM, authentication and onboarding processes), potentially other stakeholders (student administration, business applications etc.), and representatives of SWITCH.

How?

3 - 4 workshops, plus organisation-internal clarification and communication with stakeholders (about 1 - 1.5 man-months of effort for the organisation; max. 50% funded by swissuniversities).

Procedure

  1. Vision, architecture, status and potential benefit of SWITCH edu-ID
  2. Analysis of system landscape, identification of relevant identity management (IdM) processes, potential for improvements, intended integration depth
  3. Development of appropriate integration scenarios to onboard new members and current organizational members, including a detailed reflection of onboarding options for different user groups, choice of technical protocols to update the affiliation status and exchange attribute data
  4. Detailed organisational and conceptual list of actions for the implementation, elaboration of (internal) project proposal

If a university approves the project proposal, the integration can start after consultation with SWITCH.

Results

As mentioned above, the result of the planning phase is a project plan for the implementation.

Example of a university's adoption scenarios (short version):

User groups: Students, Staff, Continuing Education, Preparatory Courses

Onboarding/Link new members (initial registration)

Students: Linking-at-registration: via online registration (registration with edu-ID), transfer of identifier from administration tool to IdM

Staff: Linking-at-admission: Trigger via IdM with one-time code sent to user, user accesses web application with code and authenticates with edu-ID, application sends identifier back to IdM for linking

Continuing Education: Via online registration

Preparatory Courses: Users are not members (no linking with local account). Users register at university with their edu-ID. University sets entitlement attribute

Onboarding/Link current members

Linking-at-day-X: Background linking based on AAI accounts. Users get an edu-ID account with the same credentials

 

Not foreseen, if necessary new registration

Change Notifications

Via SCIM, real-time, with confirmation

 
Offboarding

Removal of affiliation by university and notification of edu-ID