eVA Features - learn more

Download as PDFDownload as PDF

Updated 26/04/2022

On this page:

  • Managing Portal User (Hosts) Accounts - Teams feature
  • Subscriber Host-created request-by-SMS account generation for conferences/open days
  • Jisc-created 1-day validity daily recurring request-by-SMS account generation for self-service provision by visitors
  • SMS-request events advertisement web page
  • Setting up devices to work with eVA

Managing Portal User (Hosts) Accounts - Teams Feature (new)

Adding hosts, Profiles: eVA guest accounts are created through the eduroam Visitor Access web portal by the members of your organisation to whom you grant access privileges. Such 'hosts' can be specific researchers, a group of institution staff, departmental administrators, reception personel, events co-ordinators, members of the IT Services team. The eVA service Admin at the subscriber organisation defines 'Profiles' which can have  different permissions set for the various account creation means, visitor account distribution methods, maximum guest account validity periods, and maximum number of accounts that may be created within the Profile. Staff members can then be assigned to the appropriate Profile to match the guest account creation options policy you decide - Profiles could be used as a way to help manage departmental access to eVA service. Although there are three kinds of Profile, the most commonly use type is the 'Group profile' which enables multiple host users to be assigned to it. Users are added on the basis of their e-mail address.

Once a member of your organisation has been assigned to a Profile, when they log in to the eVA portal using your organisation's SAML Single Sign On service, they will see the 'My eVA' drop down menu option on their portal menu bar. The various guest account creation options will then be available to them; individuals, batches, groups, SMS events as defined in their Profile. 

Teams feature: when setting up a Profile, the organisation eVA Admin can set the Profile as a 'Team'.  All portal users who have been included in a Team will be able to view the guest accounts that have been created by other members of the Team who have used the new ‘My Teams’ menu drop down when creating the guests. So members of a Team have two options i) create their own private guests ii) create Team-viewable guests. Important! Other members of the Team can only view guest details if the guest accounts have been created through the new ‘My Teams’ menu drop down. 

Defining a Team: Teams may be created and portal users included in the Team by the organisation’s Admin user ticking the ‘This is a team’ option in the Group Profile that the team members are using (or a fresh Profile can be created for the team). The Teams function is only available in Group and Role Profiles (the Group Profile type is the one that is most commonly used).

Multiple Teams: eVA supports the creation of multiple Teams – the Teams function is facilitated by the Admin simply ticking the box when creating/editing a Profile. So multiple Teams can be created by creating additional group profiles.

Which guests will be visible to other members of the Team?: Guest accounts that are created on the ‘first screen’ Home page ie the Quick create 1 day guest account option or guest accounts that are created via the 'My eVA' drop doen menu – these accounts will not be visible to other members of a Team.

It is only guest accounts that are created through the ‘My Team’ menu that will be visible to other members of the team. This is design feature – and allows the portal user to create own guest accounts that are only visible to the creator and also to create guest accounts visible by the whole Team.

The ‘Linked to’ Team function: when creating a guest account using the My Teams option, the host can opt to link the guest account to other Teams. There is a 'Linked to' parameter that can be selected from a drop down list of available Teams. So portal users in one Team can view such guests created by portal users of a different Team.

Maximum number of accounts that may be created: this is set by the Admin in the Profile for the Team and is a Team limit. Any member of the Team can create accounts that count towards the limit set.

SMS Events - Guest account on request-by-SMS text for conferences/open days

For events where large numbers of attendees turn up on the day, e.g. open days, one/multi-day conferences, eVA has the capability of ‘self-service’ provision of guest accounts using the SMS-request guest account feature.

How the SMS-request function works: SMS-request accounts can be created by the guest sending the event keyword that the organiser has defined, in a text message to the eVA SMS-request number (+44 7860 039833). eVA creates an account and texts the credentials in a welcome message, which contains a link to instructions on how to set up eduroam/CAT for eVA, to the visitor. The cost to the guest of sending the text is the standard cost under the user’s call plan. There is no charge for the text containing the credentials sent to the guest from eVA.

To create the event, using the eVA portal: the event organiser selects 'My SMS events' from the 'My eVA' option on the menu bar. Then click on the [Add a SMS event] button ( https://eva.eduroam.uk/sms-events/create ). Enter a name for the event. Enter a keyword of your choice. Set the maximum number of visitors you wish the event to support. The maximum is 9999. Then choose the start and end dates. And click on the [Submit] button.

The event organiser can enable the guest account to be valid for a short duration (1 day) up to a maximum of 5 days. (This limit has been set at 5 days since there is only very limited traceability of the user - it is based simply on a mobile phone number). This maximum duration cannot be set to a period greater than 5 days, however you should be able to update the event at any time. So if you need to extend an event you can adjust the start and end dates during the period of the event.

The guest can then either make a note of the credentials and insert them directly into their device supplicant (and do a basic setup themselves) or preferably use 3/4G to access the eduroam CAT via a URL link https://cat.eduroam.org/?idp=2177 and download the CAT installer that will set up the guest’s device 100% correctly. (We would recommend the latter). With later versions of Android the guest should use geteduroam and select 'eVA(UK) - eduroam Visitor Access UK' as the IdP - see below.

Advertising page: The eVA system generates a page for you to use to advertise the SMS guest account request service for your event. The page provides the keyword that the visitor will need to send, the number to text it to and the dates that the keyword is valid on. (In order for the page to be rendered by the eVA system it will be necessary for a daily keyword anchor to be registered by eduroam(UK) Support. This will be configured by default, so if you do not need this feature be sure to request us to disable it. So by default the 1-day SMS service for your organisation as described below will be enabled).

For each SMS event you create the event advertising web page can be reached using the link on the Keyword in the event box on your 'My SMS events' page. From the 'My eVA' dropdown menu on your menu bar, click on 'My SMS events'. You'll see that there is an event box for each SMS event you have created and there is a link to the advertising page from the Keyword. You can use the event URL to display the advertising page on your electronic notice board.

(Note that when you open the Create SMS event page you’ll see in the pale blue info box at the top that there’s a line ‘Visitors can SMS this keyword to the eVA phone number’.  This is linked to an example advert page (which for Jisc is)  https://eva.eduroam.uk/sms/jisc?keyword=This is an example  Note that the URL ends in ‘=This is an example’.  On the advert page that is generated you’ll see that in the top right hand corner the key word is displayed and for the above this is ‘This is an example’. If you append the keyword that you want to use for the event to the URL https://eva.eduroam.uk/sms/jisc?keyword=   (substitute organisation-specific replacement for ‘jisc’) then you will see that the advert page contains your keyword. By default the ‘Only valid on:’ date is today’s date.  You can change that by appending further content e.g. &date_start=2019-10-26&date_end=2019-10-26).

SMS 1-day Events - 1-day validity request-by-SMS guest accounts using a fresh keyword each day for a permanent self-service provision solution

There is a second SMS-request account feature, which utilises a rolling keyword of the day - which is valid for that day only. The format of the keyword is ‘anchorword’+2 digit random number. The 1-day SMS events feature will be set up for the subscriber organisation by eduroam(UK) by default. Of course, you do not have to use this feature if you do not wish to. If you want the feature to be disabled or wish to change the anchor word used for the keyword, simply send in a request to eduroam(UK) through help@jisc.ac.uk

The guest account credentials, provided by return of SMS to the visitor, are valid only for the one day.  

1-day SMS event details can only be viewed on the portal by the organisation's eVA Admin level users. From the menu bar drop down list for 'Admin', click on '1-day SMS' - https://eva.eduroam.uk/daily-sms-events. All future scheduled 1-day SMS events will be displayed in a table  e.g. 

Valid at Keyword Limit Current usage     
4 May 2022 AnchorwordXX 100 5  

If you click on the Keyword in the table, the link will take you to the 1-day SMS event advertising web page that the eVA system generates. However, see below for the recommended means of accessing the advertising page - which will allow you to display the advertising page containing the day's keyword and validity date using a fixed page URL. This is perfect for displaying the advertising page on an electonic notice board.   

The edit feature on the right hand side allows the Admin user to adjust the maximum number of 1-day SMS guest accounts for that day.

The Keyword for the day can be e-mailed by the Admin user to an administrator simply by clicking on the [Send daily SMS code with email] button. The e-mail address of the required recipient(s) can be entered next page.

Advertising page for the 1-day SMS Event: The eVA system can generate a page for you to use to advertise the 1-day SMS guest account request service on an electronic notice board. The advertising page gives the event/daily keyword that the visitor needs to send by SMS and the number to send it to. So, if you wish, the eVA backend system events advertising page means you can avoid having to create your own page. A specific page for each 1-day SMS will be dynamically built for you - from the Admin drop down menu on the menu bar, click on '1-day SMS' and click on the day's Keyword link e.g. https://eva.eduroam.uk/sms/'organisation'?keyword='organisation'XX&date_.... You can use that day's URL to display a page on an electronic notice board - note that this will change each day! 

Fixed advertising page URL: rather than needing to update the URL of the advertising page each day, eVA provides the option to publish a web page whose URL does not change. With this facility it's important to restrict the exposure of the URLs to administrators only. By default, the advertising page is accessible from any IP address. But the system supports allow-listing of IP addresses that can access the web page. So users, visitors, can see the screen, but not the unique URL that displays the rolling daily codes. In addition you can use Json and XML feeds to generate your own web advertising web pages if you wish.

The fixed URL for your organisation's adversitsing page is only viewable by Admin users of the portal and is displayed in the SCREENS panel on the 'Narrowcast' page - from the menu bar, select 'Admin' and from the drop down menu, select 'Narrowcast'.

Narrowcast: On menu bar, select 'Admin' and from the drop down menur, click on 'Narrowcast'. In the 'Screens' panel, your organisation-specific 1-day SMS event advertising web page, json feed and XML links are displayed. In the 'Whitelist' (aka Allow list) panel you can enter IP addresses, both v4 and v6 as single addresses, subnets or ranges into the 'Value' fields. Multiple address blocks are supported using the [Add More] button. The  'Description' field can be used to label the IP address/range for future reference. Click on [Save] when done. 

Setting up devices to work with eVA

The RADIUS IdP behind the eduroam Visitor Access service runs on Radiator and supports PEAP/MSCHAPv2 and EAP-PWD authentication methods. EAP-PWD is not supported on all user devices, but on platforms that do support it, such as Android, this method provides a very simple solution for users which avoids the necessity of installing an App. i.e. your visitors with Android devies to not need to install geteduroam first! (geteduroam can of course be used with Android to provide PEAP/MSCHAPv2 based authentication). 

For the 'traditional' PEAP/MSCHAPv2 method, provisioning of user device setup is fully supported by the eduroam CAT system and this, using geteduroam, is the recommended means of getting user devices correctly set up since the eVA server CA certficate is included in CAT profile and configuration of server cert validation is automatic. The instructions below indicate the different procedures that need to be followed for various device types when using CAT - these are the same as for any eduroam deployment and the variations will be familar to user-support teams. When using geteduroam, users do not need administrator privileges on their devices to complete their Wi-Fi setup.

Ideally eVA guest accounts should be provisioned ahead of a visitor's arrival to allow the opportunity for the user to set up eduroam ahead of the visit. This allows the visitor to use home broadband or other internet service to acquire the CAT or geteduroam App and to access the CAT website. 4G data connection can of course also be used.

Data connection for setup - ideally home broadband or other data service should be used to set up devices for eVA ahead of the visit, but visitors whose devices do not support EAP-PWD and who arrive on campus without their device set up will need to use a 4G data service to acquire the App and access CAT unless a local Wi-Fi onboarding service is available.

Credentials - on receipt of their guest account welcome message containing their eVA guest account username and password, users need to make a note of those credentials. These will need to be entered when the user's device is within range of the eduroam service. The guest credentials can be used with either the PEAP/MSCHAPV2 or EAP-PWD authentication methods used in eVA.

Android devices where EAP-PWD will be used - users need to be within the eduroam hotspot zone, go to Settings, Connections/WLAN/Network and Internet and tap eduroam. Select the EAP-method 'PWD'. Enter the eVA guest credentials. Sometimes a space will be added to your input if you are using the AutoFill feature, depending on your Android keyboard - this added space must then be removed again. 

Android devices pre-Android 11 (PEAP/MSCHAPv2) - i) users need to connect to the internet using home broadband or other / 4G, go to the Google Play store and download the eduroam CAT App https://play.google.com/store/apps/details?id=uk.ac.swansea.eduroamcat  ii) from within the CAT App, users then need to go to https://cat.eduroam.org and to tap 'download the eduroam installer' (CAT web site auto-detects the Android OS) then use the discovery utility to select 'eVA(UK) - eduroam Visitor Access UK' (only eVA(UK), not eduroam Visitor Access Canada etc). Tap 'Open with eduroamCAT' and [Install]. 

Android devices Android 11 and later (PEAP/MSCHAPv2) - use the geteduroam App https://play.google.com/store/apps/details?id=app.eduroam.geteduroam which uses the CAT web site for the profile to configure the Android Wi-Fi software for eVA. Guests need to select 'eVA(UK) - eduroam Visitor ACcess UK' as the IdP - and NOT 'eduroam visitor access (eVA)'.

Users other than those with Android 11 devices may of course set up their devices manually themselves using the supplied credentials, although this is not recommended. Android 11 users MUST NOT attempt to set up devices manually since server certificate validation is mandatory.

For PEAP/MSCHAPv2 the eVA(UK) IdP system utilises a server certificate issued by intermediary CA: O=GEANT Vereniging CN=GEANT OV ECC CA 4 and the root is issued by O=The USERTRUST Network CN=USERTrust ECC Certification Authority.

Apple iOS/macOS devices - users need to connect to the internet using home broadband or other / 4G and web browse to https://cat.eduroam.org/?idp=2177 (IdP=eVA(UK) - eduroam Visitor Access UK) for the installer (web site auto-detects the client).

Windows devices - users need to connect to the internet using home broadband or other / 4G. They have a choice to use either the CAT installer executable or the geteduroam executable. CAT - web browse to https://cat.eduroam.org/?idp=2177  (IdP=eVA(UK) - eduroam Visitor Access UK) for the installer (web site auto-detects the client). geteduroam - https://www.geteduroam.app/ With both options, guests need to select 'eVA(UK) - eduroam Visitor Access UK' as the IdP - and NOT 'eduroam visitor access (eVA)'.