FAQs - eduroam.org

FAQs - eduroam.org
Where can I eduroam?
What is eduroam?
eduroam for users
eduroam for your institution
How does eduroam work?
eduroam Managed IdP
eduroam for your Research & Education Network
eduroam Governance
eduroam Tools
eduroam Companion App
geteduroam – Get Connected Quickly and Safely
Configuration Assistant Tool (CAT)
FAQs
eduroam security
Support FAQs
eduroam and GÉANT
eduroam news
Case studies
Support
eduroam Privacy Notice
eduroam Advisories
eduroam Documentation
eduroam Policies and Documentation
eduPKI eduroam RA
‘How-To’ Wiki
eduroam media and resources
More
FAQs
Helping you get connected, wherever you are
FAQs
Helping you get connected, wherever you are
Frequently Asked Questions
This page provides answers to the most frequently asked questions relating to eduroam.
What is eduroam?
Who runs eduroam?
I am a student / researcher / professor, can I use eduroam?
What does eduroam cost?
Can a public WiFi provider offer eduroam?
As a network administrator, what do I need to do to set up eduroam in my campus?
How does eduroam work?
What technology does eduroam use?
Is eduroam safe to use?
Does eduroam use a captive portal for authentication?
Does eduroam work on different platforms?
Can you help me configure my device?
What is eduroam?
eduroam (education roaming) allows users (researchers, teachers, students, staff) from participating institutions to securely access the Internet from any eduroam-enabled institution. The eduroam principle is based on the fact that the user's authentication is done by the user's home institution, whereas the authorisation decision allowing access to the network resources is done by the visited network.
To learn more about eduroam, please read also the section
about
Who runs eduroam?
eduroam is a global initiative supported by GÉANT, the National Research and Education networks and individual institutions. Each participating organisation contributes time, manpower and resources to help support the collaborative efforts.
Overall governance of eduroam is provided by the Global eduroam Governance Committee which currently comprises eleven senior representatives of roaming operators in Africa, Asia-Pacific, Latin America, North America and Europe.
For more information on how the eduroam service is supported click
here
I am a student / researcher / professor, can I use eduroam?
As end-user you will only be able to use eduroam if your institution provides electronic identity (e.g. account for network access). In that case you will need to contact your administrator and ask for an account. You (or your network administrator) will have to configure your computer to enable eduroam access.
What does eduroam cost?
eduroam is free for its users, there is no charge for eduroam use world-wide. The providers of eduroam hotspots make the service available to benefit all members of the research and education community.
Can a public WiFi provider offer eduroam?
eduroam separates the concepts of authentication (identity providers) and hotspots (service providers) allowing public, commercial or city wifi initiatives to offer eduroam in addition to research and education institutions.
What commercial entities cannot do is become identity providers and offer a service to their customers that will work with eduroam. so any partnership with a commercial wifi service needs to respect that users of this hotspot cannot be charged for accessing the network.
As a network administrator, what do I need to do to set up eduroam in my campus?
In order to enable your users to access eduroam in your campus, you need to maintain an Identity Management System (IdMs), where your users' electronic identities are stored.
You also need
a RADIUS server, which will have to be connected to your IdMs.
To set up an eduroam service point in your institution you have to configure your wireless LAN according to the eduroam requirements.
Your institution must be part of an eduroam service, which is provided by your National Roaming Operator (in most cases your National Research and Education Network (NREN)).
The NREN in your country must participate in eduroam. To find out more about the NREN in your country please refer to the eduroam map. Your NREN representative will be able to inform you about the formal rules for participation.
For more detailed information on how to set up eduroam, please consult the eduroam wiki.
How does eduroam work?
When a user tries to log on to the wireless network of a visited eduroam-enabled institution, the user's authentication request is sent to the user's home institution. This is done via a hierarchical system of RADIUS servers. The user's home institution verifies the user's credentials and sends to the visited institution (via the RADIUS servers) the result of such a verification.
What technology does eduroam use?
In eduroam, communication between the access point and the user's home institution is based on IEEE 802.1X standard; 802.1X encompasses the use of EAP, the Extensible Authentication Protocol, which allows for different authentication methods. Depending on the type of EAP method used, either a secure tunnel will be established from the user’s computer to his home institution through which the actual authentication information (username/password etc.) will be carried (EAP-TTLS or PEAP), or mutual authentication by public X.509 certificates, which is not vulnerable to eavesdropping, will be used (EAP-TLS).
Is eduroam safe to use?
eduroam is based on the most secure encryption and authentication standards in existence today. Its security by far exceeds typical commercial hotspots. Be aware though that when using the general Internet at an eduroam hotspot, the local site security measures at that hotspot will apply to you as well. For example, the firewall settings at the visited place may be different from those you are used to at home, and as a guest you may have access to fewer services on the Internet than you have at home.
Does eduroam use a captive portal for authentication?
No. Web Portal, Captive Portal or Splash-Screen based authentication mechanisms are not a secure way of accepting eduroam credentials, even if the website is protected by an HTTPS secure connection. The distributed nature of eduroam would mean that many different pages, languages and layouts would be presented to eduroam users making it impossible to distinguish between legitimate and bogus sites (even a consistent layout can be mimicked by an adversary).
eduroam requires the use of 802.1x which provides end-to-end encryption to ensure that your private user credentials are only available to your home institution. The certificate of your home institution is the only point you need to trust regardless of who operates any intermediate infrastructure. Web portals require you to trust their infrastructure as they receive your password in clear text, this breaks the end-to-end encryption tenets of eduroam.
Does eduroam work on different platforms?
eduroam uses open standards to enable cross platform uniform access. This means that eduroam works on Windows, Linux, MAC OS, iOS and Android.
Can you help me configure my device?
Unfortunately we don't have the resources to provide individual assistance and feedback on device compatibility with eduroam or your local wireless setup. Check with your organizations IT helpdesk in the first instance. Many organisations use the
eduroam Configuration Assistant Tool (CAT)
which is designed to provide a simple, safe mechanism for configuring devices.
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
Statistics
The technical storage or access that is used exclusively for statistical purposes.
The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options
Manage services
Manage {vendor_count} vendors
Read more about these purposes
View preferences
{title}
{title}
{title}
Skip to content