Page principale Navigation Contenu Contact Sitemap Recherche

Usage obligation


eIAM is a service of the "identity and access management" standard ICT service (IAM Bund). For IAM-Bund, the central federal administration is subject to a procurement obligation in accordance with the W008 directive referenced below (addressed there as ‘Bezugszwang’). Link to (in German and French): Instruction W008 (German). The decentralised Federal Administration can use eIAM and thus AGOV via eIAM in accordance with tariff or use AGOV directly without eIAM (free of charge).

Does the usage obligation for the standard service apply to my project? ➽ Checklist Ⅴ’’’

Internal and external SaaS (example: Miro boards, Atlassian cloud services, etc.) and native mobile apps are also subject to the IAM usage obligation. Neither the operating location, type of operation, protection requirements nor the login audience (internal employees, external employees, partners, citizens, etc.) have any influence on the purchase obligation. If these or other solutions are to be operated without eIAM (e.g. with login accounts at the service itself), an exemption request is mandatory, see .

Explanations regarding the usage obligation
×

The purchase obligation stipulates that applications must obtain digital identities, or more precisely the authentication service based on them, from the standard service IAM-Bund in accordance with the directive W008, i.e. from the eIAM service of the FCh DTI, in dedicated use cases from the SSO-Portal service of the FDJP. If the Swiss state e-ID is in the role of the digital identity with the aim of effecting authentication (a login), this process must also be obtained via the standard service, namely via the integral standard service component AGOV; the e-ID may not be used directly as an authentication means by the target applications.

Consequently, to obtain an digital ID in another way, for example when identity providers (IdPs) connect directly to applications, middleware, SaaS, etc., as well as for proprietary login procedures in them, exceptional authorisation from the FCh DTI is required, regardless of the type and location of the operation and the protection requirements, unless otherwise stipulated in the directive W008 .

Access management can also be obtained as part of the IAM Bund standard service, but this can also be located elsewhere, for example in the applications, middleware, SaaS, etc.

This rule is aimed at achieving optimum economic efficiency and defined security, and encouraging the digitalisation of administrative processes through interoperability of digital IDs according to the once-only principle.


Exception management
×

Exceptions for the IAM provision of web applications and native Mobile-Apps outside the corresponding Federal Administration standard service are granted for time-critical pilot operations.

No exceptions are granted for the IAM provision of web applications and native Mobile-Apps in live operation, irrespective of low user numbers and of the protection requirements, except where operation is technically impossible or in an emergency. Procurements of software, SaaS and other cloud solutions, etc. must be fully aligned with connectivity to eIAM according to . If ICT solutions are procured, including cloud solutions such as SaaS, that cannot be connected to eIAM within the eIAM standard, the application owner is obligated to have an authentication bridge (in the form of an adapter) developed and maintained. See .

Uniform IAM provision for the Federal Administration application landscape is the basis for the successful digitalisation of processes. In this context, multiple small applications with proprietary IAM provision must absolutely be avoided or else consolidated.

ICT standard services

See also:
The Digitisation Ordinance, DigiV stipulates that the IT services which the administrative units of the Federal Administration require with the same or similar functionality and quality shall be centrally managed as ICT standard services by the FCh DTI for the use of the entire Federal Administration.

DigiV and Directive W008 (formerly market model)

The Federal Chancellor defines the standard services on the basis of the DigiV (in German) in consultation with the GSK. The Federal Chancellery issues Directive W008.

The use of the "identity and access management" standard ICT service is regulated in the W008 (formerly market model) directive as follows:
Source:
The administrative units of the central Federal Administration, as defined in Article 7 of the GAOO, obtain these ICT services exclusively via the standard ICT service. The Federal Chancellor may require administrative units of the central federal administration to use centrally provided ICT resources; he or she shall consult the GSK in advance. The Federal Chancellery, DTI Division, issues the relevant directives in accordance with Art. 40 DigiV, in this case W008. The administrative units of the decentralised Federal Administration, the federal courts, the Federal Assembly, including its parliamentary services, and third parties may obtain the services with the consent of the DTI sector of the Federal Chancellery.

Legal & Organization