Not everyone who has access to a service connected to SURFconext has an institutional account. For these so-called guest users, SURFconext offers a guest Identity Provider (guest IdP). The current guest IdP Onegini will be replaced by eduID in 2020. Read how this process works and what you, as an institution or Service Provider, will notice about it.

eduID: 1 identity within education and research

Students increasingly want to study outside their own institution. For example, they have interests in subjects from different study programmes or they want to raise their profile on the labour market. Educational institutions also offer joint courses, the components of which are given to multiple institutions.

To facilitate this flexibility, students must be uniquely identifiable across institutions. In this way, different institutions can be sure that they are dealing with the same student and, for example, study results obtained can be exchanged. eduID makes this possible. Anyone directly and indirectly involved in education can use an eduID.

Read more about eduID.

eduID and guest use within SURFconext

The plan is to ultimately introduce eduID for all students in education and research. It is not that far yet, but we are already going to use eduID for specific target groups. One of these are guest users of SURFconext. A guest user is a user who needs access to a service via SURFconext but does not have an account with one of the affiliated institutions.

We are currently using Onegini as a guest IdP for SURFconext. In 2020, we will replace Onegini with eduID.

Impact for institutions and service providers

No technical modifications required

As an institution or Service Provider, you do not have to make any changes to provide support for eduID. Just like Onegini, eduID is an Identity Provider in SURFconext, and eduID supports exactly the same attributes as Onegini. If users have migrated from Onegini to eduID (see below), they will remain exactly the same user, with exactly the same attributes.

Customize WAYF page

Some Services have their own WAYF/Discovery page that includes Onegini, or a login button that refers directly to Onegini. In that case, as a Service Provider you need to change this to eduID.

Updating Manuals

If, as an Identity or Service Provider, you have manuals about guest use for SURFconext, replace Onegini with eduID.

Migration process

SURF has set up a process to make it as easy as possible for the user to migrate the old Onegini guest account to eduID.

Migrating Onegini account to eduID

During the migration, a new eduID account is created for the user with the same identifier as the old Onegini account. As a result, the old identity is kept within eduID. The guest user also retains his existing authorisations within SURFconext (such as SURFconext Teams memberships) and the services connected to it.

The migration process for the users is as follows:

• All current Onegini users will receive an e-mail asking them to migrate their existing account to eduID.
• They start the migration process via a link in the e-mail. (This is the link where the migration process can start: https://login.eduid.nl/migration)
• Once the migration has been completed, users can log on to the same services they are used to using eduID.

Temporary: Onegini and eduID side by side

Temporarily, guest users who have migrated their old Onegini account to eduID will be able to login to (certain) services using both Onegini and eduID. From a service point of view, there is no difference between these users. Later this year Onegini will disappear and eduID will remain the only possibility to log in as a guest user.

1 July: Onegini phased out

Users can migrate their Onegini account to eduID up to 1 July. After that date, their Onegini account will no longer be available and existing authorizations and team memberships will be lost.

Of course, users from 1 July will still be able to create an eduID, but then they will be seen as a regular, new guest user.