How do I join eduroam?

If you’re looking for information on how to get an eduroam user account, see Get an eduroam account.

Institution roles in eduroam

An organisation can participate in eduroam as an:

• Identity Provider (IdP): Give its users eduroam accounts and authenticate their credentials when they log in at their home institution or a visited institution.
• Service Provider (SP): Provide eduroam network access to other organisations’ eduroam users.

eduroam is a reciprocal service. This means that identity providers will also be service providers.

Some Service Providers, such as airports and hospitals, will only provide network access for the research and education community. 

Participation requirements for institutions

To participate as an Identity Provider in eduroam, your organisation must:

• Be part of the research and education community.
• Meet the technical identity management requirements for eduroam services.
• Have effective identity management.
• Facilitate end-user security training/awareness.
• Have an Acceptable Use Policy for its users.
• Employ IT support staff to provide first-level support to eduroam users.

To participate as a Service Provider in eduroam, your organisation must:

• Meet the technical network scalability and security requirements for eduroam services.
• Have reliable wireless infrastructure with documented coverage.
• Facilitate for VLAN-based segregation of traffic if hosting eduroam for local and visitor access.
• Have an Acceptable Use Policy for guests.
• Employ IT support staff to provide first-level support to eduroam users.

Most institutions will be both identity and service providers, so will need to meet all requirements.

Once eligibility is approved, AARNet will send an information package that includes the application form and onboarding materials with further detail.  

Apply to join eduroam

If your institution would like to participate in eduroam in Australia, please submit an expression of interest to support@aarnet.edu.au. 

The AARNet team will then assess the status of your institution and eligibility.

Process for joining eduroam

Standard process

1. Request information and requirements for participation in eduroam AU from AARNet.
2. Submit application form.
3. Once approved, an entry will be added to the eduroam AU AdminTool and access provided to the institution.
4. Deploy institutional infrastructure, and AARNet will provision eduroam AU national eduroam infrastructure and services.
5. Create local eduroam participation webpage.
6. Establish institutional eduroam support capabilities.
7. Update institution’s data in Configuration Assistant Tool (CAT) (for IdPs).
8. Test institutional CAT-generated end-user device scripts (for IdPs).
9. Confirm access to AARNet’s institutional eduroam metrics webpage.
10. Undertake final auditing and resolve any identified issues.
11. Check institutional data to be released to global eduroam through AdminTool.
12. Announce service availability within institution and provide online training to end-users (for IdPs). AARNet will enable the release of institutional data to the global database, and announce institutional participation to eduroam AU Institutional Admins.

Deployment

Network Service

Service Providers will need to establish the required network infrastructure and configuration of the IEEE 802.1x eduroam network.

RADIUS Server

The local RADIUS Server will need to be deployed to speak to/from the eduroam AU RADIUS Server, which AARNet will configure accordingly.

Institutional eduroam participation webpage

Institution’s will need to create a draft of the local eduroam participation webpage prior to the final audit stage, with operability status indicated as staging.

Establish support capability

Deploy institutional infrastructure, create the website, and build support capability, as described in the eduroam AU technical specification.

Audit and production

The final audit will be undertaken collaboratively between AARNet and the institution. AARNet will provide an audit report, and advise of the success of the application. If unsuccessful, AARNet will provide a list of what needs to be resolved prior to the audit be undertaken again.

Once approved, the institution will be moved to pre-production status, triggering readiness to upload institutional data to the Global Database for the purpose of populating the eduroam CAT. IdP administrators are required to enter all required data to the CAT, and access and test scripts for end-user device configuration.

Once the institution has entered production, deployment data will be uploaded to the Global Database and will appear on the location maps on the eduroam AU AdminTool and Global Maps. 

User advisory and education

It is recommended that an invitation to use eduroam, with a link to the institution’s eduroam service webpage, be sent to all users at the institution. 

• No specific training is required for end-users, however their attention should be drawn to the security aspects of eduroam.
• Advise of their eduroam Username and Password.
• Reinforce need for protection of credentials.
• Reinforce need to configure authentication via eduroam while at their home campus.
• Use of CAT scripts for configuring devices (if available), or links to automated configuration tool, or to instructions for manual configuration.
• Advice regarding logging of user activity.
• Reminder of end-user responsibility when using eduroam to comply with their home institution’s AUP, and recommendation to read the visited institution AUP (available on the visited institution AUP website, or via AdminTool).
• Advice for who to contact if they have any issues (local IT).