These are the high-level technical requirements needed to support eVA service.
Network Infrastructure
eduroam-enabled Network
-
The institution must already be part of the eduroam federation with a functioning RADIUS server.
-
eVA works alongside the existing eduroam setup.
Authentication & Security
-
Uses RADIUS Server
-
RADIUS Server must support 802.1X authentication.
-
Integration with eduroam’s national federation-level RADIUS proxy.
EAP Authentication Methods
-
eVA supports authentication using EAP-PEAP (MSCHAPv2) and EAP-TTLS.
-
Visitors receive credentials via email or SMS with a validity period.
User Identity Protection
-
Temporary visitor accounts are issued using an eVA portal to ensure secure access.
-
Credentials are valid only for a limited duration (e.g., 24 hours, 7 days, etc.).
Portal Integration
-
Authentication to eVA portal is via Tuakiri (Identity Access and Management).
Device Compatibility
eVA support most Wi-Fi capable devices, including:
-
Windows, macOS, Linux laptops.
-
iOS and Android smartphones/tablets.
NOTE: Devices must support WPA2-Enterprise or WPA3-Enterprise with 802.1X. This rules out some devices like gaming ones that only connect to a “home” Wi-Fi network (single shared password) but cannot do Enterprise Wi-Fi authentication.
Logging & Compliance
-
Institutions must log authentication attempts for security and compliance.
-
Logs should be stored for a defined period to comply with local regulations (e.g., GDPR in Europe).
Usage Policies
-
It is recommended to enforce Acceptable Use Policies (AUP) for visitors.
-
Rate limiting and bandwidth restrictions can be applied if needed.