Instructions: Integration Manager (IM) for the purpose of FED-LOGIN totally smartcardless
In the past, individuals not equipped with an SG-PKI smartcard could not authenticate with their Federal Government Enterprise Identity at the "high" level (QoA50) with the FED-LOGIN Identity Provider (IdP). By logging into Active Directory for Mobile-VDI, they achieve quality level "medium" (QoA40). This level is sufficient for access to many applications. However, if an application such as GEVER requires level "high", this authentication is insufficient: on the one hand, the identity of the person has not been verified in the required quality because the LRA process (issuing of the smartcard) has not been completed, and on the other hand, the person does not have a means of identity verification at the "high" level. In addition, a high-quality issuance / handover process for the means of proof of identity must ensure that it belongs to the intended person.

Only employees of the Federal Administration equipped with smartcards could register the Mobile ID as a strong means of proof of identity as an alternative to the smartcard, after authenticating with the smartcard as the anchor. Starting with the Aletschhorn release (09/07/2023), eIAM offers non-smartcard-equipped employees (internal or external) the possibility to raise the quality of their FED-LOGIN identity to level "high". We therefore call this feature in eIAM "totally smartcardless".
The IM process looks like this:
Initial situation: the target person already has a Federal Administration email account (optionally equipped with Mobile VDI, already initialized by HR before this process).
- Check the master data of the target person in CIS using the HR process. The following master data must be transferred 1:1 from their photo ID:
- First name - if there are multiple first names, at least one of them must be listed in the master data.
- Last name - in case of several last names (without hyphen), all of them must be listed in the master data.
- Birth date - it must be entered correctly. For external employees, HR often sets a pseudo date.
- Once the target person's CIS master data has been recorded correctly and completely, ask the target person to complete the "totally smartcardless" onboarding process according to the following instructions: FED-LOGIN totally smartcardless
Verified FED-LOGIN identity at “high” level (QoA50) using the FED-LOGIN Access app or a security key (FIDO2)
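As an added example that is not part of the eIAM documentation, the three master-data rules above expressed as a check an IM could run against a CIS record before starting the onboarding. The PersonRecord type, the check function and the set of pseudo birth dates are assumptions made for this example; the page does not specify which placeholder dates HR uses.

```python
from dataclasses import dataclass
from datetime import date

# Assumption for this example: placeholder values an HR system might enter when
# the real birth date is unknown. The page only says that HR often sets a
# pseudo date for external employees; these concrete dates are constructed.
SUSPECT_PSEUDO_BIRTH_DATES = {date(1900, 1, 1), date(1970, 1, 1), date(1111, 11, 11)}


@dataclass
class PersonRecord:
    """Names as written on the document (CIS master data or photo ID).

    Several names are separated by spaces; a hyphenated name such as
    "Müller-Meier" stays one name, matching the "without hyphen" rule.
    """
    first_names: str
    last_names: str
    birth_date: date


def _name_set(names: str) -> set[str]:
    # Case-insensitive comparison; surrounding/duplicate whitespace is ignored.
    return {n.casefold() for n in names.split()}


def check_master_data(cis: PersonRecord, photo_id: PersonRecord) -> list[str]:
    """Return the findings; an empty list means the CIS record matches the ID 1:1."""
    findings = []
    # Rule 1: at least one of the first names on the photo ID must be in CIS.
    if not (_name_set(photo_id.first_names) & _name_set(cis.first_names)):
        findings.append("first name: none of the ID's first names is in CIS")
    # Rule 2: every (unhyphenated) last name on the photo ID must be in CIS.
    missing = sorted(_name_set(photo_id.last_names) - _name_set(cis.last_names))
    if missing:
        findings.append("last name: missing in CIS: " + ", ".join(missing))
    # Rule 3: the birth date must be the real one, i.e. not a pseudo date,
    # and must equal the date on the photo ID.
    if cis.birth_date in SUSPECT_PSEUDO_BIRTH_DATES:
        findings.append("birth date: looks like an HR pseudo date")
    elif cis.birth_date != photo_id.birth_date:
        findings.append("birth date: does not match the photo ID")
    return findings
```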
Note
Video identification is subject to a fee and must be paid directly during the process (credit card, TWINT, voucher). Administrative units can obtain vouchers themselves and distribute them to their employees.
Information about video identification: Ordering voucher