Page tree
Skip to end of metadata
Go to start of metadata

Table of contents:

Requests, failure reports and repairs

Please contact us via email or phone +41 44 632 77 77

Switch to the page in German language

Service Information and Update

Blog eintrag

Authentication and Authorisation Infrastructure (AAI)


The AAI is a service used across various organisations that regulates and simplifies access to networked resources.

The AAI consists of two groups of components: Home organisations (IdP - Identity Provider) and resources (SP - Service Provider). Participating Swiss organisations form a federation (SWITCHaai) that is based on mutual trust.

The home organisations (e.g. universities or technical colleges) are responsible for the registration and administration of their users. In the event of a request to access a resource, user authentication takes place at the respective home organisation. After successful authentication, the home organisation sends the desired user attributes to the service provider after the user has given his/her consent (user consensus).

The IDP of ETH is based on Shibboleth software and uses the ETH LDAP service as a source of information.

Customer Benefits

Customers can protect their resources through user authentication and authorisation and make their content or services available to a wider audience.

It is also possible to thereby restrict access to content and services based on user attributes or, conversely, make them accessible internationally.

Furthermore, users also benefit from single sign-​on (SSO).

Customer Groups / Cost / Order

This service is available to all ETH members free of charge.

Identity and Access Management (IAM)


ETH Zurich operates an Identity and Access Management (IAM) system. The system allows the control and supply of data from the Directory Services LDAP, Active Directory and Switch AAI (ETH-part) that unify the management of groups and distributors, the management of multiple passwords and providing self-service help and helpdesk functions via a web application (

The system has been updated in spring 2019 and additional features have been made available.

Customer Benefits

A uniform and consistent management of identities and access rights is an indispensable requirement for the provision of IT services in a complex environment like ETH.

Every member of the school benefits from the unified password management and self-service features that are offered through a web application (

Equally important is the ability to integrate other identities from other, external IAM systems.

Customer Groups / Cost / Order

Users of the service are all software users from ETH applications that use the IAM functions directly or through the attached Directory Services.

The IT Support Manager (ISL) has administrative rights on the system. Users can apply for the connection of their own IT systems via the Service Desk.

The service is free of charge.

Lightweight Directory Access Protocol (LDAP)


The LDAP service is an authentication, authorisation and information service used across ETH Zurich that is based on the OpenLDAP software. The service serves as a central source of information for applications and systems, and enables the exchange of information about users, groups, systems and services.

Customer Benefits

The LDAP service customers are typically service providers who want to protect their services via user authentication and authorisation as well as system administrators who use the LDAP directory as a source of information for their systems.

The LDAP service has not been designed for direct user access.

Customer Groups / Cost / Order

This service is available to all ETH members free of charge.

  • No labels