Starting point and challenge
SBB has certain transport tasks that it must perform for all 250 transport companies in Switzerland. The employees of these transport companies must therefore also have access to SBB IT systems. Today, these accesses are granted by individual agreements between the HR departments and the IT administrators of the respective companies, which requires a certain amount of personnel. This usually happens without any problems, but if an employee leaves the company, this is often recorded late or not at all. Unauthorized access can therefore not be ruled out.
PoC set-up and how our solution works
The PoC took place in collaboration with Orell Füssli, Swisscom, AXA and SBB. With the Procivis One software, these employers can issue their employees a Verifiable Credential (VC) that confirms their status as an employee. In addition, the type of contract (permanent, temporary), status (not terminated, terminated), workload, role or salary can also be included as attributes in the verification.
Employees of SBB, other transport companies or external service partners such as Swisscom can open the platform with the various applications. As long as they have not logged in, they only see the public area with a small amount of information. Thanks to the employee confirmation, they can simply log in and receive their personalized access. A QR code is displayed, which can be scanned with a smartphone. This is followed by a request to share certain attributes: First and last name, employer and role. The employee confirms the request and then sees an overview of selected relevant applications that they can access.
Result and outlook
The implementation of differentiated access authorization for more than 250 companies and countless employees is simple and secure with the Procivis One solution. Visitors to the site can verify employee confirmation and share the attributes of the employer and role. Individual agreements between companies' HR and IT departments become obsolete. Personalized access is secure and is automatically revoked in the event of changes to the employment relationship.
In addition to access, the digital employee confirmation can be used for many use cases: Employee benefits, insurance policies, etc.