Release Notes / Customer Information

Lauteraarhorn 04.05.2025

Status: Final (22.04.2025)

The Release Notes (RN) report on the enhancements, as well as new functionalities and changes to the eIAM Services as per the Roadmap FCh-DTI. Please direct your questions about the release to
Please note that dates for the completion of documentation and concepts usually refer to the end of a release period and have nothing to do with the individual release dates (Release Dates) for functionalities.


Launch date
  • REF:      ⇨ 25.02.2024
    ⚒ Regression testing ❌❎ ➔ eIAM ⚒✅
  • ABN:    ⇨ 02.04.2025
    ⚒ Regression testing ❌❎ ➔ eIAM ⚒✅
  • PROD:  ⇨ 04.05.2025
    Sunday ⚒ Final Inspection ❎❎ ➔ eIAM
Changes - Innovations
  • FED-LOGIN - Improved selection of login method
  • FED-LOGIN - «Login with smart card – remember selection»
  • FED-LOGIN - Support for security keys (FIDO2) for users with smart cards
  • eIAM-AM - Delete ‘Login History’ data in IDM
  • AGOV-First (preliminary information)

Regression testing by eIAM customers

Your cooperation is necessary and very important. In the last releases, we had problems in the higher operating environments (ABN, PROD) only where applications had not carried out their regression tests in advance on REF and/or ABN. These are unnecessary problems which we can avoid together. We count on your support here. It is important that you carry out your regression tests carefully and report any problems to the testing team promptly and in a qualified manner.

Process and expectations for SR introductions

In order to be able to guarantee the stable and secure productive eIAM service, we require meaningful regression tests of the applications in the REF and ABN instances until the SR rollout to PRODUCTION. Normally you have 10 working days at your disposal for this. Please note that in the first 2 days after installation you can benefit from an Early Live Support Team that will assist you promptly in the case of problems.

These release notes will help you to plan the regression tests in relation to the eIAM functionalities you use and will also serve as a source of information for your end customer communication. Please note that the final version of the release notes with all necessary details will be delivered shortly before the productive installation.

Important
Let us know your test results (positive or negative) via the feedback form for customer regression tests (only accessible from the Federal Administration network) so that any service release corrections can be made in good time.

eIAM contact person

If you have any questions or concerns about eIAM, ePortal or PAMS, you can contact the following offices or persons:

eIAM contact points

Changes - Innovations

FED-LOGIN - Improved selection of login method

For many Federal Administration applications, authentication via FED-LOGIN is carried out in the background via Active Directory SSO and without user interaction. From the internet/cantonal network or in cases where the quality of authentication with Active Directory SSO is not high enough for the application, a login with user interaction is carried out.

The screen for selecting the login method on the FED-LOGIN IdP has been improved to optimise operation, especially on smaller screens (laptop/mobile devices).

Desktop view:

Figure: FED-LOGIN registration with the available login methods on a desktop.
FED-LOGIN Selection of login methods (desktop)


Smartphone view:
Figure: FED-LOGIN registration with the available login methods on a smartphone.
FED-LOGIN Selection of login methods (Smartphone)

FED-LOGIN - «Login with smart card – remember selection»

For applications that allow authentication with other means of identification than the smart card due to their security requirements, the user had to choose whether to log in with the smart card or an alternative login method each time they logged in.

As of the Lauteraarhorn release, FED-LOGIN offers the user the option of specifying that FED-LOGIN should always use authentication with the smart card on this device. If this option is set, the selection screen is skipped. If authentication with the smart card cannot be carried out successfully for some reason, the setting is automatically removed again.

The solution uses a persistent cookie to remember the user's selection. Deleting the cookies in the web browser will therefore reset the function.

Figure: FED-LOGIN registration where you can set the selection to log in with the smart card for future logins.
Login with smart card – remember selection


FED-LOGIN - Support for security keys (FIDO2) for users with smart cards

Federal administration users with FED-LOGIN identity who have a smartcard can, as of the Lauteraarhorn release, use up to four security keys (physical security keys - FIDO2) for authentication as an alternative means of identity verification to the smartcard and the FED-LOGIN Access app.

Authentication with security keys is password-free. Please note that for security reasons, only security keys that do not store private keys in a readable form on a hardware solution are supported. This enables authentication at QoA50 (high) with FED-LOGIN even in cases where the smartcard and smartphone with the FED-LOGIN Access app cannot or may not be used.

The registration and management of security keys for FED-LOGIN is carried out by the user in MyAccount in Self Service, as for the other means of identity verification, after prior registration with the smartcard. For your applications, it is transparent whether the user has authenticated themselves with FED-LOGIN using a security key, the FED-LOGIN Access App or Mobile ID.

Figure: FED-LOGIN registration where you select the login method with FIDO token.
Login with FIDO security key


Link to the instructions: "Use FED-LOGIN without smartcard (for smartcard holders)"

Note:
Support for security keys in FED-LOGIN for users who are not equipped with a smartcard from the federal administration (the so-called "totallySmartcardless") will be implemented at a later date.

eIAM-AM – Deletion of "Login History" data in IDM

In the past, eIAM-AM (IDM) created a history entry for each user login, including a timestamp indicating when eIAM retrieved authorization information from the corresponding access tenant.
This information was stored on the user record in the IDM database. As a result, the eIAM IDM database grew continuously, which could negatively impact its performance over time.
The usefulness of this information for eIAM customers was assessed as very low, and it was rarely, if ever, accessed. Therefore, starting with the "Lauteraarhorn" release, the login history on the user record will be deleted regularly.

Note: The information about the user's last login will be retained.

AGOV-First (preliminary information)

With the Lauteraarhorn release, a few new features will be rolled out in the eIAM service that are directly effective for you as a customer. In recent weeks, the eIAM service has been working intensively on preparations for "AGOV-First". It is planned to roll out "AGOV-First" for our customers in the eIAM reference environment (REF) with the Lenzspitze release, while "AGOV-First" will be rolled out with the Liskamm release (i.e. one release later than the reference environment) in the acceptance and production environments of eIAM. This is done in such a way that you, as an eIAM customer, have enough time to thoroughly test "AGOV-First" in the reference environment and, if necessary, to adapt your user documentation.

"AGOV-First", the next phase in the replacement of CH-LOGIN by AGOV (CH2A), was presented in detail at the eIAM information event on 11 April 2025.

The presentation shown during the customer information event can be found here.