SWITCH edu-ID is your persistent identity to access all federated services.
It is easy to use, controlled by the user and provides secure access to academic services.
The service is provided by SWITCH for Swiss Higher Education Institutions and parties with relation to them.
- As a student you can use your account during and also after your studies
- As a staff member you can use your account during your employment at a university and also afterwards
- As a private person you can use your account your whole life long (e.g., to access a library service)
Your university will tell you whether you need an edu-ID account and how to proceed if you are a student or a staff member (or candidate) of a Swiss Higher Education Institution.
Some services accept only SWITCH edu-ID accounts (e.g., SWITCHdrive, SWITCHengines or national licences).
No, you can and should use your existing SWITCH edu-ID account to enroll at a new university.
To deliver its full benefits it's necessary that a person has ONLY ONE SWITCH edu-ID account.
When enrolling at a new university, just review and update your account data, in particular link your edu-ID to any SWITCHaai account that you may have.
No, edu-ID is free of charge for end users. Costs for this service are paid by the members of the AAI federation (organisations and/or services). However, services that you use via edu-ID may be subject to a fee.
How to create a SWITCH edu-ID account?
- Go to the SWITCH edu-ID web application https://eduid.ch (or https://edu-id.ch)
- Click the "Create account" button
(NOTE: if this button is not visible, you should not create a new account, because there is already an active edu-ID session. Please do not create duplicate accounts!
If another person has created an account on the same device, the button will not be visible either. In that case use another browser, try private mode or delete the browser cookies.)
- Now choose the option to be used to create your account:
a) "Create with AAI" if you already have a SWITCHaai account.
You need your SWITCHaai credentials to log in.
Then, agree to release your SWITCHaai data and it will be used to create your edu-ID account.
Choose a secure password, confirm it and click on "Create account". You will receive a confirmation message by e-mail if the edu-ID account was successfully activated.
Then add a private (long-living) e-mail address to your account.
b) "Create without AAI" if you don't have a SWITCHaai account.
Fill in at least your name and a valid e-mail address (best a private long-living one) to create the account.
Choose a secure password and confirm it.
An e-mail with a verification token (link) is sent to your e-mail address. Click on the link to activate your account.
All people who need a SWITCH edu-ID account to access one or more services within the AAI Federation.
SWITCH edu-ID accounts are intended in particular for all people with a relation to Swiss academia (members, guests etc.) and users of national services.
Usually the user him/herself must create the account. In special cases an organisation might prepare accounts for its users.
In order to create an account at least the following data is required:
- first name
- last name
- a valid e-mail address and
- a password (that will be encrypted).
The e-mail address is verified immediately and the account is only activated once this verification was successful.
During registration processes of higher education institutions (HEIs) some more data might be asked to be filled in during registration of a SWITCH edu-ID account. This additional data is required by the registration service of the HEI and is added to your SWITCH edu-ID account.
- additional e-mail addresses: We would like to encourage you to store several e-mail addresses since this lowers the risk that you can't log in anymore because of a canceled e-mail address. All the e-mail addresses are immediately verified and can then be used for login.
- business address and phone number: This information can be added by yourself or by an organisation you're affiliated with.
- date of birth: This information is very helpful to distinguish people with similar names and to detect duplicates. Only a few services need this information. Therefore access to it is restricted. You will always see and be able to decide if it is released to a specific service (via user consent).
The contact e-mail address should be the e-mail address that allows us to contact you and that you read regularly. You can use this e-mail to log in to your SWITCH edu-ID account, to access different services and to perform a password reset (as well as additional e-mail addresses).
If it's the only e-mail address in your edu-ID account, it should be a persistent one that you will also use in the (far) future and one that is not forwarded (such as a private e-mail address you read regularly).
You can change your contact e-mail at any time in your account:
- use the arrow to set another of your e-mail addresses in your account as contact e-mail
- if you have set only a contact e-mail so far, first add an additional e-mail address and set it as contact e-mail afterwards (by using the arrow)
You can use all stored e-mail addresses as username for login to your SWITCH edu-ID account and for a password reset.
Some services can't handle multiple usernames and therefore might accept only the contact e-mail for login.
If your contact e-mail address should become invalid or is transferred to another person, and you forget to replace it, you can access your account or make a password reset with one of the additional e-mail addresses. Those help also to prevent creating duplicates unintentionally.
We highly recommend adding a persistent (private) e-mail address to the SWITCH edu-ID account. With that, access to your account can be maintained (login, password reset, etc. are still possible), even if you leave your current organization.
Linked means that the identifier of another digital identity (a SWITCHaai identifier or an ORCID), and possibly additional attributes, is added to your SWITCH edu-ID account.
Linked does NOT mean that the two accounts are combined or fully synchronized! They still are separate accounts (e.g. with different credentials).
If you link to your SWITCHaai account:
- your name and organisational e-mail address obtain a higher quality in your SWITCH edu-ID account since they are already verified by your organisation.
This implies that some attributes, such as your name, will be overwritten by the information provided by your organisation (as with SWITCHaai account data).
- your SWITCHaai Identifier is added to your account.
This information is necessary once your organisation migrates to SWITCH edu-ID and no longer uses SWITCHaai.
- information provided by your organisation (SWITCHaai account data) is automatically kept up to date in your SWITCH edu-ID account (but there's no sync of it in the opposite direction)
a) Link WHILE account is created:
While creating your SWITCH edu-ID account you have the option to link it directly to your SWITCHaai account. You have to choose your home organisation and to log in with your SWITCHaai credentials. Then your SWITCH edu-ID account will be built based on your SWITCHaai account and be linked to it.
b) Link AFTER account has been created:
If you have already created your SWITCH edu-ID account you can link this existing account to a SWITCHaai account performing the following steps:
- Log in to your SWITCH edu-ID account
- Scroll down to the section "Linked Identities"
- Click on the + symbol
- Choose your organisation in the dropdown list and click on "Proceed"
- Log in with your SWITCHaai credentials
- The data that will be added to your SWITCH edu-ID account will be shown (this information will overwrite already existing values in your account, since their quality is usually higher).
- Click on "Proceed" to link the accounts. Now you will see your SWITCHaai Identity and included affiliation(s) in your SWITCH edu-ID account
- I forgot my password. How to reset it?
- What is a secure password?
- Password reset is not working. I didn't get a link by e-mail to reset the password.
- What is two-step login and what can it be used for?
- How can I enable two-step login?
- I lost/forgot my mobile phone. How can I still login?
- I enabled two-step login to be active 'always'. Why am I not asked on every login to provide a verification code?
- I enabled "Don't ask again on this computer for one week" on the login page. Why do I have to enter a verification code anyway before one week has passed?
- I can't log in with my credentials (e-mail and password)
- What data is sent to a service that I would like to access?
- How do I see that I can trust a page/service and enter my e-mail and password for login without risk (phishing etc.)?
- I have problems accessing SWITCHdrive or SWITCHengines.
- Why do I need to verify mobile phone and/or home address before having access to national licenses?
- I would like to enable external users on OLAT at UZH. What to do?
- Why do I have to give my consent when accessing a service?
- When do I have to provide consent?
- Why do I have to agree several times that my data is sent to a service?
- What do I consent exactly to when logging in to a service?
- How can I revoke my consent?
Verification of Contact Information
- When is a verification necessary?
- I didn't get an e-mail verification link by e-mail
- I didn't get a mobile number verification code by SMS
- I didn't get a postal address verification code letter
- How can I keep my account data up to date?
- How long is my SWITCH edu-ID account valid?
- What are the differences to my SWITCHaai account?
- Why did I get an inactivity reminder and what should I do?
- Is it allowed to have more than one SWITCH edu-ID account?
- I've accidentally created a duplicate. What should I do now?
- After I've linked my VHO account to my SWITCH edu-ID account some information is overwritten and possibly of lower quality than before.
Enter one of the valid e-mail addresses stored in your SWITCH edu-ID account and fill in the captcha. Click on "Proceed" and an e-mail with a link that contains a token is sent to the e-mail address you entered in the first step (link is valid for 5 days). When you receive this e-mail, click on the link and enter the new password.
Because of SPAM filters it may take a few minutes until you receive the e-mail.
If you do not receive the e-mail within 10 minutes, please also check your SPAM folder.
A secure password must contain at least 10 characters (better > 15). The password should be a combination of
- uppercase and lowercase letters,
- numbers and
- punctuation characters.
The password indicator shows you how strong your password is. Weak passwords are not accepted, nor are passwords listed as "well known worldwide".
This is what a strong password could look like: Cfip9gd!l2v38-Hko4
Now set your own strong password!
If the link you received does not work, check that the entire link (URL) was opened in the browser (a line break in the e-mail can cut it off).
Reasons why you didn't get the e-mail can be
- Delay: It might take some seconds or some minutes until you get the e-mail
- No valid e-mail: Check that the e-mail address you've entered is valid and that the mailbox is working properly (if in doubt, retry the password reset, possibly with another e-mail address you have added to your account)
- Spam filter: Check your SPAM folder
- Mail forwarding: The password reset token is sent to the e-mail address you've entered. It can happen that providers do not forward this e-mail correctly to another mail account. Have a look at the mailbox the mail was initially sent to.
Two-step login enhances security by asking users to provide a second authentication factor when logging in (e.g. to the My edu-ID account management).
The second factor will be sent to you as code on your mobile phone (via authenticator app or SMS).
You may know this function also by the terms two-factor authentication (2FA), two-step verification or secure login.
Services needing higher authentication security than others, e.g., services allowing account management or financial transactions will ask for two-step login if necessary.
To enable two-step login go to your edu-ID account via https://eduid.ch and click on "Two-Step Login" on the + symbol or directly go to the Two-Step Login settings. Then enable one of the two-step login methods.
We recommend using an authenticator app such as FreeOTP, Google Authenticator, OTP Auth or andOTP to get your codes.
It's possible to enable more than one two-step login method. Login with app will then be shown as first/preferred tab.
Depending on the settings you make, two-step login is used only for services that require it (on demand) or for all services every time (always).
To disable two-step login go again to the Two-Step Login settings and switch off all methods that are enabled. Please note that this could mean that you have to re-initialize or re-verify the verification token if you enable a particular method again later.
Most of the authenticator apps mentioned above can also deal with multiple accounts.
When you enable two-step login, you are asked to safely store a set of recovery codes. These codes can be used during the two-step login process by clicking on the tab "Use recovery code" when asked to provide a two-step login code.
Each recovery code can be used only once, therefore it is recommended to delete the recovery code from your list once it has been used. Using a recovery code you can log in on https://eduid.ch and disable two-step login or change the settings (e.g. add a new mobile phone number).
I enabled two-step login to be active 'always'. Why am I not asked on every login to provide a verification code?
When you have enabled in the settings that two-step login should be used to access all services (= always) and not only those that require it (= on demand), you will generally have to provide a two-step login verification token after successful username/password authentication, except in these cases:
- A Single-Sign On session with a previously successful two-step login is still active. Therefore, no further two-step login verification code has to be provided for a few hours when accessing another service.
- The checkbox "Don't ask again for one week" was checked previously when the two-step login code was verified. This will remember for a week that two-step login was successfully used for the current web browser.
- Currently two-step login is not enforced for technical reasons when accessing SWITCHdrive or SWITCHengines.
I enabled "Don't ask again for one week" on the login page. Why do I have to enter a verification code anyway before one week has passed?
Checking this checkbox will remember for a week that two-step login was successfully used for the current web browser. If for some reason you still have to enter a code before one week has passed, this could be because:
- You are using a different web browser.
Checking the checkbox will store information regarding the two-step login only for the current web browser on the current computer/mobile. If one uses another web browser or another computer/mobile, the information stored by the checkbox will not be present there. Therefore, a code is required again.
- You recently cleaned all cookies/HTML storage objects of the current browser.
This will erase all information that web pages stored locally in your web browser, including the information set by the two-step login checkbox.
- You were using the web browser private/incognito mode when the checkbox was checked.
Using a web browser in private mode will instruct the web browser to not store any cookies or HTML storage objects. Therefore, the information associated with the checkbox is not saved locally by the web browser in this mode.
The edu-ID administrators also can disable this setting for particular users if needed (e.g. for security purposes).
NOTE: Not all SWITCH edu-ID enabled services might allow that you access them. Usually a service will show a message if access is denied.
If your SWITCH edu-ID credentials (e-mail / password) are wrong you will see an appropriate message on the login screen.
- Try to log in to your SWITCH edu-ID account
- Check that there are no spelling errors in the e-mail address and password you enter
- Check if the e-mail address is one that you have added to your SWITCH edu-ID account
- Some services accept only the contact e-mail - make sure you use this one
- If necessary make a password reset and try again
If you access a service for the first time, the information (attributes) that is sent to this specific service is shown and you are asked to agree that it is released. If you wish, this question will be asked every time you access a service and not only the first time.
How do I see that I can trust a page/service and enter my e-mail and password for login without risk (phishing etc.)?
If you use your SWITCH edu-ID the authentication (login) is done via the Identity Provider of SWITCH edu-ID. The URL that you see in the address window of your browser has the form https://login.eduid.ch/idp/...
This address guarantees that you are on the right page and that you can enter your credentials.
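The address check described above can be made exact in code. The following is an added example, not SWITCH code: it tests an address against the form https://login.eduid.ch/idp/... and shows why the host must match as a whole rather than merely appear somewhere in the URL. The function name and the sample addresses are assumptions, and it does not cover the exceptions that do not pass through the Identity Provider.

```javascript
// Added example, not SWITCH code. The scheme, host and path prefix are taken
// from the address form in the FAQ; the function name and sample URLs are assumed.
const EXPECTED_HOST = "login.eduid.ch";
const EXPECTED_PATH_PREFIX = "/idp/";

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG URL parser, the same rules a browser applies
  } catch {
    return { ok: false, reason: "not an absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: `scheme is ${url.protocol}` };
  }
  // Exact match on the parsed host: a prefix or substring test would accept
  // "login.eduid.ch.example.net", and anything before "@" is not the host.
  // Non-ASCII look-alike letters show up here as an "xn--" (punycode) label.
  if (url.hostname !== EXPECTED_HOST) {
    return { ok: false, reason: `host is ${url.hostname}` };
  }
  if (url.port !== "") { // the default port 443 is normalised to ""
    return { ok: false, reason: `unexpected port ${url.port}` };
  }
  if (!url.pathname.startsWith(EXPECTED_PATH_PREFIX)) {
    return { ok: false, reason: `path is ${url.pathname}` };
  }
  return { ok: true, reason: "matches https://login.eduid.ch/idp/..." };
}

// Constructed sample addresses (example.net is a reserved documentation domain).
const SAMPLES = [
  "https://login.eduid.ch/idp/constructed-path",
  "HTTPS://LOGIN.EDUID.CH/idp/constructed-path",
  "http://login.eduid.ch/idp/constructed-path",
  "https://login.eduid.ch.example.net/idp/constructed-path",
  "https://login.eduid.ch@example.net/idp/constructed-path",
  "https://login.\u0435duid.ch/idp/constructed-path", // Cyrillic "е" in the host
  "https://login.eduid.ch:8443/idp/constructed-path",
  "https://login.eduid.ch/other/idp/",
];

function report() {
  return SAMPLES.map((u) => {
    const r = checkLoginUrl(u);
    return `${r.ok ? "OK  " : "STOP"} ${u} (${r.reason})`;
  });
}

console.log(report().join("\n"));
```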
There are a few exceptions where you will not pass through the Identity Provider. The pages you can trust anyway are:
Ask users to create an edu-ID and to follow the instructions on https://help.olat.uzh.ch/pages/viewpage.action?pageId=2752933.
Once the person is registered in OLAT too he/she can register for a specific course or you as a course administrator can add the person to a group in your course.
To make login with your edu-ID account as transparent as reasonable from a data privacy point of view, you are asked to agree that the information shown on the consent-screen is sent to the service you want to access. This allows you to still stop the login process in case you don't want to share the shown information with a service.
When do I have to provide consent?
Consent to share the shown information with a service is generally asked the first time you access a service with an edu-ID account. The consent screen is only shown after successful authentication, before you are sent to the service. Unless you have chosen to be asked for consent on each login, consent is asked again only when one of the values shared with the service has changed since the last login. Consent is also asked again if the edu-ID administrators decide to reset consent information for particular services or users.
You have to agree for each service at least once that your attributes are sent to it.
It might happen that this user consent is shown to you several times because:
- you have chosen in your settings that you would like to see it every time you access the service
- there was a SWITCH edu-ID software upgrade that requires a new user consent
- new attributes have been added and will now be sent to a service
- after one year the user consent has to be renewed
Giving user consent means that you agree that the attributes (e.g. surname, e-Mail, etc.) shown on the consent page are shared with the service and that the service is allowed to get updated attributes for you. Getting updated user information in form of attributes also works without the user's involvement. If you have agreed to share for example the surname attribute with a particular service and thus also agreed that the service can get updated information for the surname, the service can get your changed surname (e.g. due to marriage) without a log in from your side.
If you are affiliated with an organisation (e.g. university, research institute) and you have linked this organisation's affiliation to your edu-ID account, the organisation can also update your edu-ID user information (e.g. information relevant for the studies but also personal information). This can also involve information that you have not explicitly given your consent for at the time of the last login because this information was not available at the time of the last login. This information is needed to allow edu-ID users to access services in the context of a particular organisation (e.g. as student of a particular university).
The edu-ID service gets updated information for linked accounts once per day or if the organisation triggers an update for a particular user. Information is no longer updated by an organisation if the user has no longer an active affiliation (e.g. because the user finishes his studies or leaves the organisation).
To review what information is shared with a service, initiate a login to the service but on the login page first click on the link "Options for personal data protection" and tick the checkbox. When logging in, the consent screen will reappear.
A particular service can be prevented from getting updated user information by revoking consent. For now, this is a manual process because only very few services update user information without the user's involvement. Please write an e-mail to email@example.com and mention the service for which consent should be revoked.
Access to National License
The publishers defined the rules for access to their publications and have contracts with the consortium. To ensure that users who get access live in Switzerland, you need to verify your mobile phone number and/or home address first.
Verification of Contact Information
- E-mail addresses: are only added to your account once verified. The e-mail address you use to create the account is verified immediately. If you set another e-mail address as contact this one is verified too (also if it was already verified in the past).
- Mobile phone numbers: are only added to your account once verified.
- Business Address: If you link your AAI account to your SWITCH edu-ID account the verified information will overwrite the existing self-declared values (usually including address and phone number for employees)
- Private Address: Currently only for accessing Swiss national license content a verification of the home postal address (in Switzerland) is necessary.
- Linked Identities: by adding an AAI account or an ORCID this already verified information is added to your account
Reasons why you didn't get the e-mail can be
- Delay: It might take some seconds or some minutes until you get the verification e-mail
- No valid e-mail: Check that the e-mail address you've entered is valid and that the mailbox is working properly (if in doubt, start the verification again)
- Spam filter: Check your SPAM folder
- Mail forwarding: The token is sent to the e-mail address you've indicated to be added/to be verified. It can happen that providers do not forward this e-mail correctly to another mail account. Have a look at the mailbox of the initially indicated e-mail address.
Check that the mobile number you've entered is correct (if in doubt, start the verification again).
If the link is cut because of line breaks in the e-mail it will not work.
In this case copy the whole link into your browser address field.
The time frame for verifications is limited. You will get an expired message if the token (link/code) you've got is no longer valid. In this case you start a new verification in your account.
It will take 2-5 days until you get the letter.
Address verification is only possible within Switzerland and Liechtenstein.
- Make sure the name you use in your account and the address you enter are correct.
- If the letter does not arrive after 6 days start the postal address verification in your account anew.
- Use always a valid e-mail address as contact e-mail (if another e-mail is set as contact e-mail a verification will start)
- Link your SWITCH edu-ID with your SWITCHaai account(s) - especially if you study/work for multiple organisations or change the organisation.
- Make changes in your account if necessary (change of mobile number, postal address etc.) and start a verification if it's necessary to access a specific service.
- Check and update your account data when you get a reminder that you didn't use your SWITCH edu-ID for one year (inactivity reminder).
As long as you actively use your credentials to access services, your account is extended automatically.
If you don't use it for one year, an inactivity reminder will be sent to you and you can then extend it by logging in to your account or by accessing another service with your edu-ID credentials.
- The AAI account is established and maintained by your organisation (university). It is created when you enter the organisation and deleted when you leave it. You should use your SWITCHaai account whenever possible.
- Your edu-ID account is created and/or activated by yourself, and it is you who should also maintain it. A SWITCH edu-ID account is owned by yourself and can accompany you your whole life long. Some services ask for a login with SWITCH edu-ID - there you should use your edu-ID account.
General differences are listed on this page.
Don't be afraid: The reminder does NOT mean that your account will be deleted because it was not used for a longer time. If you didn't use your account for one year you will get an inactivity notification. It reminds you that the account data should be kept up to date - especially the contact e-mail address that is used to contact you. Please check your account data regularly.
- you have to re-verify contact information,
- data about the account merging is sent to services and IdM administrators to solve potential problems,
- you can't access some services anymore.
Usually you will be informed by e-mail and/or in the user interface that a duplicate was detected and how you should proceed.
If you know that you have more than one account use the following link to access your account(s) and follow the instructions for merging: https://eduid.ch/web/remove-duplicate-account/
During the process to merge two accounts you will have to authenticate with both accounts and select one account to keep. The merge process then will move all relevant identity data to the remaining account and archive the other account.
The merging process works as follows:
Step 1: Authenticate with both accounts
Step 2: Choose which account to keep and which to archive
Step 3: Confirm selection and start merging process
Step 4: Review merging process results in your account details.
If you're not sure that a duplicate exists or if you can't access the duplicate account anymore please contact firstname.lastname@example.org
NOTE: Account merging is a complex process and might have an impact for the identity management of your organisation and services you have accessed in the past! Therefore we will inform affected services and IdM administrators of your organisation about the accounts that have been merged. With this information they will be able to solve potential problems.
Your account is not supposed to be deleted (except duplicates).
As long as you are affiliated with an organisation, your account can't be deleted.
It is a long-living account that should accompany you as a lifelong learner, providing access to services when you need it.
Your account facilitates also registration at higher education institutions.
Therefore do not ask for account deletion just because you think you don't need it anymore!
It's possible to create a new account in the future but your account data will be lost and institutions you have belonged to or services you have used in the past will not recognize you anymore (e.g. account can't be restored, access to former data/services will not be possible, you will not be recognised as alumni, former accounts can't be merged with your new account).
Nevertheless if you decide your account should be deleted write an e-mail with the corresponding request to email@example.com. After a call back to your contact e-mail address your account will be deleted.
SWITCH edu-ID supports currently English, French, German and Italian. If you think another language should be added or if you discover translation errors, please contact us.
After I've linked my VHO account to my SWITCH edu-ID account some information is overwritten and possibly of lower quality than before.
If you already have verified information, e.g. from linking your SWITCH edu-ID with an AAI account, additionally linking it with a VHO account can decrease the quality of your personal information, since VHO accounts often do not have the same high quality as institutional AAI accounts.
Relink your SWITCH edu-ID account with your AAI account and the higher quality information will overwrite the lower quality VHO information.