FED-LOGIN - Info

What is FED-LOGIN?

The term FED-LOGIN covers all login methods that enable the use of the SG PKI-based digital identity (eID). Individuals who have been onboarded by Federal Administration HR or by certain partners of the Federal Administration, such as cantonal administrations, receive an SG PKI-based eID via their employer's processes.

It is worth noting that these employees receive a smartcard and/or mobile VDI access from the Federal Administration. This SG PKI-based eID can be used on all networks (including the internet) by means of this smartcard and additionally via Kerberos within the Federal Administration's network. This SG PKI-based eID can now also be used with a username, password and two-factor authentication such as mTAN, authenticator app, Mobile ID and FIDO2. Mobile ID and FIDO2 result in high-quality authentication that works on any network and with any device, i.e. also from the internet. Users register and manage these login factors themselves (password and two-factor authentication factors, including their Mobile ID and FIDO2) at www.myaccount.eiam.admin.ch. This must be done using smartcard authentication or, if no smartcard is available, via video identification.

Mobile ID as a second factor is not available to all individuals equipped with SG PKI; for commercial contract reasons, it is currently restricted to internal and external employees who have been onboarded by Federal Administration HR.

Note: Video verification as a smartcard replacement and FIDO2 as an alternative to Mobile ID will be introduced in the course of 2023. Video verification as a smartcard replacement is aimed at mobile VDI users who do not receive a smartcard.


FED-LOGIN - FAQ

1.1 Where can I get help with FED-LOGIN?

Please note that FED-LOGIN is not aimed at citizens and representatives of the business community. Employees of the Federal Administration and other SG PKI affiliates should contact their local support service or the FOITT service desk. Please first consult the FED-LOGIN Help.

1.2 What criteria does FED-LOGIN use to exclude (discontinued) mobile phone operating systems?

The responsibility for keeping the mobile phone operating system up to date and securing it with updates lies with the end users.

This article uses the term ‘mobile phone operating systems’ to refer to all operating systems and all end devices on which the FED-LOGIN Access app can be run. The article does not specify which operating systems or operating system brands work for this purpose but deals exclusively with the phase-out of operating system versions.

FED-LOGIN rejects the use of certain (outdated) mobile phone operating systems. This rejection applies exclusively to the FED-LOGIN Access app and not to other apps or the use of the browser.

Specifically, FED-LOGIN excludes certain (outdated) operating system versions from using the FED-LOGIN Access app if known security vulnerabilities exist that could harm end users. The exclusion takes place within the period specified by the Federal Chancellery.
Irrespective of this, end users are fundamentally responsible for their own security in accordance with the introductory explanation, in particular during the transition period until a possible exclusion.

At the same time, FED-LOGIN may also approve mobile phone operating systems for the FED-LOGIN Access app that have reached their end of life and no longer receive security updates. The aim is to continue to provide access to as many end users with older hardware as possible. The Federal Chancellery decides on the approval of such outdated operating systems based on generally available security information and in consultation with other federal authorities. A pragmatic approach is also taken to exclude very old operating systems in line with common sense, for example in a harmonised manner with the Swiyu e-ID wallet.

The risks arising from the use of outdated mobile phone operating systems are assumed by the end users in all cases. It should therefore be expressly noted that switching to newer hardware and software is more sensible and secure.

The costs resulting from the exclusion of mobile phone operating systems are borne by the end users. These costs can be reduced by using security keys instead of the FED-LOGIN Access app. Security keys are inexpensive and have a longer service life.

1.3 Which FED-LOGIN methods can you use?

Link to the description: FED-LOGIN - Login methods