Account Notifications

This feature is selectively released to Universities by Switch.

After successful completion of the authentication process the user is guided through the Account Reminder flow. The flow is activated on specific conditions only and may be a static announcement or an interactive dialog.

The following flows are persistently active and are shown if the user fulfils the corresponding conditions. Stateful flows store their state in cookies and are therefore bound to the browser.

Add Mobile Number for Account Recovery

Users with activated strong authentication (2-step login, passkeys) who lose their credentials need to go through the account recovery process to regain access to their account. If a user has set up her account with a mobile number, the account can be recovered in a self-service process. Without mobile number the user has to contact Switch edu-ID support where she is identified and the account is manually recovered.

The purpose of this function is to ensure that all users have a verified mobile number registered in their account.

Condition

  • The User has enabled strong authentication (2-step Login with Authenticator App or Passkeys)
  • The User has no registered mobile number

Action

  • The user is asked to register a mobile number using the mobile number wizard
  • The user may skip the mobile number registration. In this case, the dialog will be shown again after 30 days

intercept-mobile-0

Enforce Authenticator App for 2-step Login

Users with activated 2-step Login with mTAN code (sent via SMS) receive a text message for each MFA authentication. To improve authentication reliability and account security, and to reduce operational costs users are encouraged to use App Authenticator (TOTP) instead.

The purpose of this function is to ensure that mainly the App Authenticator (TOTP) method is used for 2-step Login.

Condition

  • The user has 2-step-login activated with mTAN (SMS) method
  • The user has neither registered an App Authenticator (TOTP) nor Passkey Authentication

Action

  • The user is asked to register an App Authenticator using the TOTP wizard.
  • The user may skip the TOTP registration. In this case, the dialog will be shown again after 30 days

intercept-totp-0