Phase 1: Concept and planning
What ?
Pre-project to elaborate an organisation-specific integration plan for SWITCH edu-ID: Goals, benefits, risks, selected approach, time and resource planning, steps and measures.
Who ?
Members of central IT of the organisation (responsible for IdM, authentication and onboarding processes), potentially other stakeholders (student administration, business appplications etc.), representatives of SWITCH
How ?
3 - 4 workshops, organization-internal clarification and communication with stakeholders (about 1 - 1.5 man month of effort for the organisation; max. 50% funded by swissuniversities).
Procedure
- Vision, architecture, status and potential benefit of SWITCH edu-ID
- Analysis of system landscape, identification of relevant identity management (IdM) processes, potential for improvements, intended integration depth
- Development of appropriate integration scenarios to onboard new members and current organizational members, including a detailed reflection of onboarding options for different user groups, choice of technical protocols to update the affiliation status and exchange attribute data.
- Detailed organisational and conceptual list of actions for the implementation, elaboration of (internal) project proposal
If a university approves the project proposal the integration can start after consultation with SWITCH.
Results
As mentioned above the result of planning will be a project plan for the implementation.
Example of a universities adoption scenarios (short version):
User group | Students | Staff | Continuing Education | Preparatory Courses |
Onboarding/Link new members (initial registration) |
Linking-at-registration: via online registration (registration with edu-ID), transfer of identifier from administration tool to IdM |
Linking-at-admission: Trigger via IdM with one-time code sent to user, user accesses web application with code and authenticates with edu-ID, application sends identifier back to IdM for linking |
Via online registration |
Users are not members (no linking with local account). Users register at university with their edu-ID. University sets entitlement attribute |
Onboarding/Link current members |
Linking-at-day-X: Background linking based on AAI accounts. User get edu-ID account with same credentials |
Not foreseen, if necessary new registration |
||
Change Notifications |
Via SCIM, real-time, with confirmation |
|||
Offboarding |
Removal of affiliation by university and notification of edu-ID |