Last year, SWITCH and all its employees changed to SWITCH edu-ID. Today, more than 100 employees access a wide range of business software on a daily basis via SWITCH edu-ID, from project activity recording to the release of invoices. How was the change organised? What does it mean for the employees and the online services they use? A field report.
SWITCH is developing the new digital identity service ‘SWITCH edu-ID’ for Swiss universities. With its employees and services, the foundation also uses the SWITCHaai identity federation, just like the universities. The change from SWITCHaai to SWITCH edu-ID is being carried out step by step. Individual users can create a SWITCH edu-ID themselves and use it for certain services, or organisations can migrate all members to the SWITCH edu-ID. The goal is for all organisations that are part of the SWITCH community to change to SWITCH edu-ID in the next three years.
In accordance with the business principle of ‘eating your own dog food’, last year SWITCH was the first organisation to integrate SWITCH edu-ID into its own identity management. This integration meant that the SWITCHaai Shibboleth-IdP was deactivated. Since then, employees at SWITCH have also been exclusively using the SWITCH edu-ID identity in their daily work.
Changes to an organisation’s identity management concerns three main stakeholder groups: the members of the organisation, the services that the members of the organisation use and the IT infrastructure of the organisation, including its processes for the administration of its members. In the following, we consider the effects of changing to SWITCH edu ID for the three stakeholder groups, as experienced by SWITCH.
SWITCH employees were informed about the plans a few months before the change. Those who still did not have a SWITCH edu-ID were asked to create one. Ten days before the change, a second notice was sent out, which explained that from the cut-off date, SWITCH edu-ID’s login window would be displayed, replacing the organisation’s AAI login window. Further measures were not required.
The change is even easier for the services that some people use via SWITCH edu-ID, as SWITCH edu ID is fully compatible with SWITCHaai services, meaning that no adjustments are required – none at all.
The adjustments that an organisation has to make are more profound. While a SWITCHaai identity is created by the organisation and given to a member, a SWITCH edu-ID is user-centred. They are created by the person themselves and brought to the organisation when they join, which means that a few adaptations to the process when students or employees join an organisation are necessary. SWITCH made minor resource-saving adjustments to the admission process.
On the cut-off date, the switchover was carried out without any problems. SWITCH employees have been using their SWITCH edu-ID since then and can access services as before. The SWITCH edu ID team gained valuable experience during this switchover, which makes it well equipped to actively and competently support universities when planning and implementing their change to SWITCH edu ID.