This category of tech user is primarily used in SOAP-based server (consumer) to server (provider) communication via a web service gateway. eIAM offers the eIAM Web Service Gateway (eIAM-WSG) for authentication. Details on this service can be found at eIAM-WSG.

Please note the following necessary preparations before ordering:

  • The accounts used must be ordered in advance from ICD - CIS & Directories via Remedy. The team creates an account in the data reference point, which is provisioned to eIAM and is subject to a regulated lifecycle. The following naming conventions apply:
    • SN = SVC-<stage>-<department>-<office>-<APPL>
      • Stage: DEV, TST, REF, ABN, PRD
      • Department: FDHA, FDFA, FDF, FDJP, EAER, DETEC, DDPS
      • Office (abbreviation): e.g. FOITT, FSO, etc.
      • APPL (abbreviation): e.g. IDM, LVS, AWISA
    • givenName = TU
    • displayName: analogous to SN
  • Accounts with a soft certificate are authenticated using an X.509 certificate of class C (classes D and E are not supported).
    • You, as the customer, must procure the certificate in advance, in accordance with the Admin PKI specifications, via a Remedy MAC (enter the order by order type, search for "Class C certificates", then order the certificate).
    • The certificate is in the name of the technical user who is used to establish the connection.
    • The certificate must contain at least the following key usages:
      • X509v3 Key Usage: Digital Signature
      • X509v3 Extended Key Usage: TLS Web Client Authentication
    • In the order, the public key must be supplied as a PEM file.
  • The CISO of the office (see the list of CISOs) must authorise the use of the tech user via e-mail.
  • For the lifecycle management of the "Managed Techuser", a responsible, central office must be defined (not a dedicated person), which knows the technical context and can carry out certificate exchanges, e.g. an application management team.
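
A pre-order check for the naming convention and the required key usages listed above, as an added example that is not part of the eIAM documentation or tooling. It reads the text printed by `openssl x509 -noout -text`; the function names, the sample certificate excerpts and the assumption that office and application abbreviations are upper-case alphanumerics are illustrative.

```python
import re

# Stage and department values come from the naming convention on this page.
STAGES = ("DEV", "TST", "REF", "ABN", "PRD")
DEPARTMENTS = ("FDHA", "FDFA", "FDF", "FDJP", "EAER", "DETEC", "DDPS")
# Assumption: office and application abbreviations are upper-case alphanumerics.
SN_RE = re.compile(
    r"SVC-(%s)-(%s)-[A-Z0-9]+-[A-Z0-9]+" % ("|".join(STAGES), "|".join(DEPARTMENTS)))

# Constructed excerpts in the layout of `openssl x509 -noout -text` output.
GOOD_CERT = """\
    X509v3 extensions:
        X509v3 Key Usage: critical
            Digital Signature, Key Encipherment
        X509v3 Extended Key Usage:
            TLS Web Client Authentication
"""
SERVER_CERT = """\
    X509v3 extensions:
        X509v3 Key Usage: critical
            Key Encipherment
        X509v3 Extended Key Usage:
            TLS Web Server Authentication
"""

def extension_values(cert_text, name):
    """Return the values listed on the line below an 'X509v3 <name>:' header."""
    lines = cert_text.splitlines()
    for i, line in enumerate(lines[:-1]):
        if line.strip().startswith("X509v3 %s:" % name):
            return {value.strip() for value in lines[i + 1].split(",")}
    return set()  # extension absent

def check_order(sn, cert_text):
    """Return a list of problems; an empty list means the checks pass."""
    problems = []
    if not SN_RE.fullmatch(sn):
        problems.append("SN does not match SVC-<stage>-<department>-<office>-<APPL>")
    if "Digital Signature" not in extension_values(cert_text, "Key Usage"):
        problems.append("Key Usage lacks Digital Signature")
    if "TLS Web Client Authentication" not in extension_values(
            cert_text, "Extended Key Usage"):
        problems.append("Extended Key Usage lacks TLS Web Client Authentication")
    return problems
```
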