FED-LOGIN - Login methods
FED-LOGIN is primarily an identity provider (IdP), used for the authentication of electronic identities in the enterprise context of the Federal Administration. It enables logins with the identities of people who are accessing applications integrated in eIAM as part of their job or mandate.
The term FED-LOGIN covers all login methods that enable the use of the SG PKI-based electronic identity. Individuals who have been onboarded by Federal Administration HR or by certain partners of the Federal Administration, such as cantonal administrations, receive an SG PKI-based electronic identity via their employer's processes.
Which FED-LOGIN methods can you use?
FED-LOGIN with smart card Authentication quality: High+ (QoA60)
The best method to use if you have a standard federal workstation system and a smart card, and thus have access to the integrated eIAM applications. The use of the smart card login method in FED-LOGIN allows a login with a quality that meets the requirements of all Federal Administration integrated eIAM applications.
FED-LOGIN with Access App Authentication quality: High (QoA50)
The FED-LOGIN access app is both the simplest and the most secure method to use if you have a Federal Administration smart card and want to log in to FED-LOGIN using a device which does not support the use of your smart card (e.g. smartphone, tablet, PC without smart card reader, mobile VDI). The FED-LOGIN access app method allows a login with a quality that meets the requirements of most Federal Administration integrated eIAM applications. Link to the instructions: FED-LOGIN - Access App registration.
FED-LOGIN with Security Key (FIDO2) Authentication quality: High (QoA50)
FED-LOGIN supports security keys (FIDO2) as an alternative login method if you have a Federal Administration smart card and want to log in to FED-LOGIN using a device which does not support the use of your smart card (e.g. smartphone, tablet, PC without smart card reader, mobile VDI). This login method is also suitable for situations where smartphone use is not allowed or not desired. The login with a security key allows a login with a quality that meets the requirements of most Federal Administration integrated eIAM applications, and it is completely password-free. Link to the instructions: FED-LOGIN – Register security key (FIDO2)
FED-LOGIN with password and mobile ID Authentication quality: High (QoA50)
The FED-LOGIN with password and mobile ID is an alternative method to use if you have a Federal Administration smart card and want to log in to FED-LOGIN using a device which does not support the use of your smart card (e.g. smartphone, tablet, PC without smart card reader, mobile VDI). The login with password and mobile ID allows a login with a quality that meets the requirements of most Federal Administration integrated eIAM applications.
FED-LOGIN with password + second factor (mTAN/authentication app) Authentication quality: Medium (QoA40)
The login with password and second factor mTAN (text message) or authenticator app (OATH) is an alternative method to use if you have a Federal Administration smart card and want to log in to FED-LOGIN using a device which does not support the use of your smart card (e.g. smartphone, tablet, PC without smart card reader, mobile VDI). The login with password and second factor allows a login with a quality that meets the requirements of many Federal Administration integrated eIAM applications.
FED-LOGIN with Active Directory single sign-on (Kerberos) Authentication quality: Medium (QoA40)
The login with Active Directory single sign-on is the method to use if you have a standard federal workstation system or federal mobile VDI, and work with this device in the Federal Administration's network. Here, the login takes place in the background without user interaction. FED-LOGIN recognises the quality requirement of the application you are accessing and performs the login automatically if this login method is able to meet that requirement.
FED-LOGIN with software certificate Authentication quality: Medium (QoA30)
The login with software certificate is the method to use if a system/process requires access to integrated eIAM resources. Examples are end-to-end monitoring or the automation of testing of integrated eIAM applications. Please note that a technical identity (managed tech user) must be registered in eIAM. The software certificate serves as a means of proof for this technical identity. You can find more information on managed tech users at .