Home » Identity and Access Management: CAF » Case Studies » University of the Fraser Valley

University of the Fraser Valley

User authentication in the fast lane:  eduroam as your primary campus SSID

UFV

IT requirements at higher-ed institutions are constantly evolving, the result of emerging technological trends, a steady flow of incoming and outgoing students, and the continuous movement of faculty and researchers between buildings and campuses. The result is a dynamic infrastructure that’s time consuming for IT professionals to maintain.


Most Canadian post-secondary institutions provide several campus-wide wireless networks for their students and faculty, in addition to eduroam, the global Wi-Fi service for education and research communities.   This requires the IT staff to manage credentials and permissions for each network, in addition to the configurations required to offer eduroam.

Users also pay the price in lost time whenever they have to pull up a browser, enter a username and password, and accept terms and conditions every time they want wireless Internet access.

A lighter load for IT, better UX for students and faculty

The University of the Fraser Valley is a regional teaching facility in British Columbia with about 16,000 students and 1,200 staff spread out across eight different campuses. Bryan Daniel, manager of IT Infrastructure, and Shane Schlosser, team lead for the IT Systems Group, first considered eduroam for its ability to connect students and faculty to a broader educational network. .  “We knew a number of other BC universities were using eduroam and we wanted to offer it as a service to our customer base,” explains Bryan.

A single campus-wide wireless network

During initial discussions with CANARIE (the Canadian provider of eduroam), UFV realized that eduroam could also be used to simplify wireless access for local users, turning their cumbersome web-based login process into a one-time authentication setup. Not only would eduroam make everyday access easier for users, it would lessen the university’s overall IT workload with fewer systems to manage: eduroam would simply act as UFV’s primary wireless service set identifier (SSID).

“Our only reservation was the burden a network migration would place on users,” recalls Shane. “The multitude of devices and operating systems on the market make initial device configuration a huge challenge.”

As a case in point, when UFV looked at other eduroam-enabled universities, they discovered a document for connecting Windows 7 devices that was pages long.

This scared Shane: “We wanted to use eduroam as our primary wireless network but we just couldn’t ask our user base to do this kind of complicated manual install.”

So when CANARIE offered UFV the opportunity to pilot a new eduroam configuration tool that would automate the user installation process, Bryan and Shane jumped at the chance.

Simplified wireless access at all eduroam-enabled institutions

eduroam’s web-based Configuration Assistance Tool (CAT) automates the installation of security certificates and user credentials on all manner of user devices, making setup a simple process. Once installed, this configuration makes network access seamless.

“Users previously needed to re-authenticate every time they wanted to get online,” explains Bryan. “Now, once their device is configured, they don’t even need to log in.” Shane laughs when he adds: “Our users would never go back.”

Seamless access, fewer helpdesk calls

Students and faculty who travel to other institutions benefit even further. eduroam accounts that are correctly configured at home guarantee seamless access at other eduroam-enabled institutions. People no longer have to call helpdesk in a panic an hour before they travel or when they get somewhere and realize they don’t have access. With eduroam as the university’s primary Wi-Fi access mechanism, people can move from campus to campus or even university to university without giving secure wireless access a second thought.

The University of the Fraser Valley is still in the process of migrating to the new eduroam network, having migrated about two-thirds of its user base to date.

Shane believes, “Without the simplicity enabled by CAT, most people would still be on the old solution using a web-based login.” Bryan is quick to add: “The convenience of user setup is critical. While the service itself can be functional in a couple of days, user adoption rates are what guarantee success.”

Migrating to eduroam as its primary SSID has resulted in simplified management of user accounts, seamless wireless roaming for students throughout the campus and at eduroam-enabled sites worldwide, and effortless access for visiting students and faculty…a win-win for both the IT department at UFV, and their users.

7 EASY STEPS TO MIGRATING TO EDUROAM AS YOUR PRIMARY SSID

Setting up eduroam as your institution’s primary SSID is much easier than you might think. Follow these five simple steps to get your infrastructure configured and user base registered.

  1. Join CAF online (canarie.ca/identity/join/)
  2. Request invitation to the eduroam Configuration Assistant Tool (CAT)
    Log in using Federated Single Sign-on
  3. Download IdP Installer from collaboration.canarie.ca
    Peer your RADIUS server with eduroam.ca and configure access for home and visiting users
  4. Use the eduroam Configuration Assistant Tool (CAT) to create device installers and test device configurations
    CAT generates a QR code and URL for auto-configuring popular devices
  5. Create “eduroam” and “eduroam-help” wireless networks
    Optionally, set up VLANs to segregate visitor and home user networks
  6. Use “eduroam-help” SSID to on-board new users to “eduroam”
    Users access your institution’s QR code to configure their device
  7. Outreach to user community
    Use a variety of promotional channels to reach your community