eduroam AU Joining Process

The following are the activities required of an institution to join eduroam AU:

  1. Request information on and understand requirements for participation in eduroam AU
    (AARNet will provide a standard information package)
  2. Submit eduroam AU application form (following invitation from AARNet)
    (AARNet will review the application form, and created an institutional entry in eduroam AU AdminTool)
  3. Update institutional data in eduroam AU AdminTool
    (requires SAML authentication,  may require admin account created in AAF VHO if required)
  4. Deploy institutional infrastructure (following invitation from AARNet)
    (AARNet will provision eduroam AU national eduroam infrastructure & services)
  5. Create institutional eduroam participation webpage
  6. Establish institutional eduroam support capability
  7. Update Institutional Data in Configuration Assistant Tool (for IdPs)
  8. Test institutional CAT-generated end-user device scripts (for IdPs)
  9. Confirm access to AARNet’s institutional eduroam metrics webpage
  10. Undertake final auditing (resolve any issues identified)
  11. Check institutional data to be released to global eduroam (AdminTool generated XML)
  12. Announce service availability within institution, provide online training to end-users (for IdPs)
    (AARNet will enable release of institutional data to global database,
    and announcement institutional participation to eduroam AU Institutional Admins.)

Participation Request

An initial request for information, and expression of interest in participating in eduroam AU, should be sent to

An AARNet Service Desk ticket will be created, and a Service Desk staff member will confirm customer status, eligibility of the institution seeking participation in the identified role.

PreRequisites (Audit Items without data in AdminTool)

AARNet will evaluate and confirm the eduroam participation pre-requisites with the institution prior to providing standard  information on joining eduroam AU. Those pre-requisites are:

For an IdP:

  • Effective Identity Management
  • End-user security training/awareness

For an SP:

  • Reliable wireless infrastructure with documented coverage
  • If hosting eduroam for local as well as visitor access, intent for VLAN-based segregation of traffic

Provision of Standard Information Package

Following AARNet’s investigation and any further clarifications regarding eligibility, AARNet will send the institution the standard information package for institutional on-boarding.

Generic templates of the standard information packages are available for each participation role (IdP+SP, SP-only, IdP-only).

Attachments to those information packs include:

  • eduroam AU FAQ
  • eduroam Global Policy i.e. “eduroam Compliance Statement’ (which [simple_tooltip content=’National Roaming Operator i.e. AARNet for eduroam AU’]NRO[/simple_tooltip]s must sign up to)
  • eduroam AU National Policy (current version)
  • institutional eduroam participation webpage template

eduroam AU Application Form

The institution will be invited to submit the eduroam AU application form appropriate to the role sought (IdP+SP, IdP-only, SP-only).

The standard information package provides a link to the appropriate eduroam AU Application Form.

The eduroam AU Application Form ensures the required information is conveyed and made available to eduroam AU administrators.

Application Form Preparation

Preparation of the Application Form will required gaining an understanding of implications of authentication protocol (for IdPs) and network service (for SPs) choices.

The institution will be invited to discuss items required in the application form with AARNet eduroam specialists.

Application Form Submission

The Application Form should be exported as an MS Word document, and required fields completed, and returned to AARNet via email to A separate ticket will be created which will be used for information exchange during operational deployment.

eduroam AU AdminTool Update

Based on information provided in the application form, AARNet will add basic institutional data to the eduroam AU AdminTool. The institutional eduroam admin will be invited to commence maintaining institutional data in the AdminTool.

Institutional eduroam Operability Deployment

Following the review of the institution’s application form, an invitation will be extended to the institution to commence deployment and undertake all activities required in readiness for eduroam operability.

Network Service Deployment

For SP’s establish the required network infrastructure and configuration of the IEEE 802.1X “eduroam” network.

Radius Server Deployment

Deploy RADIUS Server(s) to perform proxying of visitor authentication requests (SP role) to, and receive authentication requests for local users from, the eduroam AU National RADIUS Servers. AARNet will configure National RADIUS Servers accordingly, and perform collaborative testing to ensure institutional networking and RADIUS infrastructure is operating correctly.

Institutional eduroam Participation Webpage

During on-boarding, prior to the final audit stage, institutions should create an initial draft of the institution’s eduroam participation webpage, with operability status clearly indicated as “staging”.

Establish Support Capability

Deploy institutional infrastructure, create website, and build support capability, as described in the eduroam AU Technical Specification.

Final Audit

The final audit will be undertaken collaboratively by AARNet and the institution.

AARNet will provide an audit report, and advise success or otherwise.

If not successful, the institution will be provided with a list of issues to be resolved prior to the audit being undertaken again.

Access to Configuration Assistant Tool

At the appropriate stage of Final Audit, the institutional status will be changed to “Pre-Production”, which will trigger readiness to upload institutional data to the Global Database for the purpose of populating the eduroam Configuration Assistant Tool (CAT).

For IdP participants, following invitation from AARNet, institutional admins are required to access and complete data entry into the CAT, and access and test scripts generated for end-user device configuration.

Moving to Full Production

Following passing the final audit, AARNet will update the AdminTool status for the institution to “Production”.

The deployment data for the institution will be uploaded to the Global Database, and the institution will appear on maps generated both by the eduroam AU AdminTool, and Global Maps.

Institutional information will be available to NRO’s globally via the Global Database web interface.

Announcement to eduroam AU

AARNet will make an announcement to the eduroam AU institutional community regarding a new participant via the eduroam AU administrator mail-list.

Institutional User Education

When an institution has moved to full-production participation, it is appropriate to advise students and staff accordingly.

Any restrictions on the use of eduroam should be conveyed.

The realm(s) to be used should be described, with an explanation that the eduroam username contains the realm part to enable global roaming via remote authentication, with AARNet providing national and global infrastructure to route authentication requests.

Recommended Advisory to Users

It is recommended that an invitation to use eduroam, with a link to the institution’s eduroam service webpage, be sent to all users at the institution.

  • There is no need to provide specific training to end-users,  however their attention should be drawn to the security aspects of eduroam:
  • eduroam Username (appropriate realm if there are several) and Password
  • Reinforce need for protection of credentials
  • Reinforce need to configure authentication via eduroam while on the home campus
  • Use of CAT scripts for configuring devices (if available), or links to automated configuration tool, or to instructions for manual configuration.
  • Advice regarding logging of user activity
  • Reminder of end-user responsibility when using eduroam to comply with their home institution’s AUP, and recommendation to read the visited institution AUP (available on the visited institution AUP website, or via AdminTool).

This information should be marked with appropriate priority in an email sent from institutional IT management.