Help on administration of RA agents
Assignment of RA agents in the admin portal
B | Identification in general
In Switzerland, Swisscom continously expands the possibilities to enable identification in the Swisscom shops. We will report about this on this main web page. Abroad, identification will only be possible via partners who offer this. In the medium term, Swisscom is looking for a connection to existing identities (e.g. identity verification online by a bank or a state eID, like the German Personalausweis or SwissID).
An RA agency is associated to a storage area (a so-called “tenant”) in which only those persons identified by the RA master agent or other RA agents of its agency are managed. The RA-Master Agent has access to this tenant and can appoint any identified person of this tenant as a RA agent.
If a person was identified by another method of the Smart Registration Service (e.g. video identification in the EU), the RA-Master Agent cannot appoint that person as an RA agent due to the fact that he is associated to another tenant (the SRS tenant). The RA Master Agent must reidentify him by use of the RA-App.
The only exception is the very first RA-Master Agent: He is identified anyway by a person of Swisscom, Swisscom Partner or e.g. a video identification and thus ends up in the “wrong” tenant by default. When the agency is set up, the named RA master agent is searched and moved to the correct new tenant of the RA agency. However, further postponements are not possible.
On this Signature Check page you can check at any time whether you can sign electronically or whether you need a new registration:
If the result is positive, you will see with which signature type (QES, FES) and in which legal area (EU, Switzerland) you can sign electronically.
In case of a negative result, you will find out the reason for a new registration and identification for the electronic signature.
C | RA-App
Please find a table with all accepted ID documents and passports:
This happens indirectly. In practice, the procedure is as follows: The RA agency first appoints a RA master agent. This agent is identified by Swisscom or a Swisscom partner and undergoes training. He then receives a user interface with which he can turn other persons identified by him alone into RA agents or RA master agents. However, they must also undergo an automated requested e-Learning training.
In principle, Swisscom must retain the data for a very long time (11 years in Switzerland or 35 years in the EU). But persons can be deactivated by the RA master agent or by Swisscom so that they can no longer sign.
On average, an identification is completed within 2 minutes.
Hold the camera up so that the entire ID document is captured by the cut-out (still blurred if necessary). Move the camera slowly closer to the badge and it will start to focus again.
RA agencies act on behalf of the Swisscom registration office. In addition to the duties of careful execution of the registry’s activities, data protection is also a priority. The data protection principles from Art. 28 DSGVO apply, which are reflected in precise form in the technical-organisational measures (TOM) in the RA Agency contract. They are based on 2 sections of Art. 28, which reflect the use of the app on the mobile device:
- The measure must “ensure the ability to ensure the confidentiality, integrity, availability and resilience of the systems and services in connection with the processing on a long-term basis” and
- Include a procedure for regular review, evaluation and evaluation of the effectiveness of technical and organisational measures to ensure the security of processing.
- The controller and the processor shall take steps to ensure that natural persons under their authority who have access to personal data process them only on instructions from the controller, unless they are required to do so by Union or national law.
This means that in addition to the use of carefully selected and trained employees, the protection of the app on the mobile device and also the protection of access must be guaranteed. Are the devices adequately protected against viruses? Will it be prohibited to download programs from other app stores that do not offer sufficient protection? Do employees keep their PINs and passwords secret? Are devices not rooted?
The most important task of the RA agent is the strict examination of the identification documents submitted to him and in particular the strict verification of the field information read out by OCR from the ID card / passport as well as the correct recording of the mobile number.
Based on data protection laws we do not offer any RA Agency contracts with RA Agencies outside of the mentioned jurisdictions. RA Agents working in jurisdictions other than EEA/EU/CH shall not identify people which are residents of EEA/EU/CH.
There are no special instructions necessary, because the process is exactly the same as for a “live” identification with the RA App. The demo mode is described in the basic training for RA agents.
You can access the demo mode of the RA App by logging in with the following information:
- Mobile number: +41123456789
- Company name: demo
Correct. If a person does not have a machine-readable ID or passport, they cannot get identified with the RA app for electronic signature and therefore cannot use the signing service.
No. It is prohibited to scan copies of ID documents or passports with the RA App. The reason is that the security features cannot be checked on a copy.
No, this is not permitted. The RA App has been certified for face-to-face identification and may accordingly only be used in personal contact.
As Mobile ID is a personal authentication method, the user must activate it himself. The user should always activate Mobile ID prior to identification with the RA App or Smart Registration Service so that the user can use Mobile ID as an authentication method for signature. The user should follow the instructions on www.mobileid.ch menu item “MY MOBILE ID”. User can also find a detailed FAQ on the Mobile ID website
Make sure that you have not registered the person in the RA-App Demo Mode (mobile number +41001234567, company “demo”).
Check the Service Status page (https://trustservices.swisscom.com/service-status/) to see if there are any faults. If no SMS arrives after another attempt, please inform the support.
If you are already registered (with RA app or the Smart Registration Service), you have to observe the following:
- If you already use the Mobile ID on SIM card and want to use the Mobile ID app, you should use the recovery code when activating or to authenticate with the Mobile ID SIM at activation and not to activate as a “new Mobile ID”. Otherwise, this app will also be considered as a new method of declaration of will and you will need to be re-identified.
- The same happens the other way round if you want to switch from an installed Mobile ID app to the Mobile ID SIM card.
Typical error message in such a case is an error message with “serial mismatch”.
The Smart Registration Services tries 5 times all 3 days to send out the SMS again. Only if all attempts fail after 15 days a reidentification is necessary.
With the password/SMS code method, there is unfortunately no possibility of recovery; a user must be re-identified in any case after he has changed his password.
P | RA admin portal
No, after clicking the button, the process starts immediately. It is also not about whether the RA agent “wants” to complete the e-learning. It is rather a question of whether you, as the responsible Master RA Agent, are of the opinion that further training would do the RA Agent good, as you have identified knowledge gaps.
In the Admin Portal, you can only view the users who have been identified by your “own” RA agents with the RA App. If you cannot find an identified person in your RA agency, then this person is either not yet identified for the electronic signature or has been identified by an RA agent of another RA agency, e.g. in a Swisscom shop or via video identification.
For data protection reasons, you can only search users in the admin portal using their mobile number. When searching, you need to enter the mobile number of the person that was stored during his*her identification process.
No, it is not possible to obtain a list of all users of an RA agency from the Admin Portal for data protection reasons.
As a Master RA Agent, you will only see the RA Agents and Users of the RA Agency you are currently logged in to. The name of the RA agency is displayed at the top right of the Admin Portal. For legal reasons, the two RA agencies must be kept separate.
In the list of “RA Agents” there are the green little boxes with a link, e.g.:
If you click on this box, the link to the e-learning or to the duties is copied to your clipboard and you can send the to the prospective RA agent, e.g. via e-mail, chat, etc.
However, the RA Service automatically sends reminder SMS’s for the e-learning to the prospective RA agents every 3 days, up to a maximum of 5 SMS. If the prospective RA agent does not complete the e-learning and has not accepted the duties within 15 days, the role assignment is deleted by the system and you as Master RA agent have to repeat it.
Yes. The date of the identification (“created date”) is relevant, whether a user entry is displayed in the admin portal.
Yes. That is possible.
No, all entries and also entries in the Admin Portal are not case-sensitive.
It is not necessary to withdraw a user’s authorisation to sign electronically (archive), as the registration is personal and the user can also use his registration with other signature portals.
If you still want to revoke the user’s authorisation, click on the small red server symbol next to the corresponding user entry; the entry will then be archived and the user will no longer be able to sign.
Q | Administration of RA agents
Yes, you can remove an RA agent by clicking the “Delete agent” button in the RA agent entry in the admin portal.
Yes, people from outside the organisation can register for the QES in the selected Swisscom Shops. As an RA agent, you can of course also register persons from outside the organisation with the RA App. As a Master RA Agent, however, you may not assign the RA Agent role in your RA Agency to persons from outside the organisation.
Option 1: Register the person again with the RA App. Then, this person will appear in the admin portal of your RA agency among your users and you can assign the desired RA agent role to them.
Option 2: The person registers via video identification or in the Swisscom Shop and reports it to you. Then you inform us via the contact form [link] that this person should become an RA agent in your RA agency (select option: appoint “invisible” user as RA agent). Please be sure to include the name and mobile number of this person. Then, we will take over the role assignment and give you feedback.
As a Master RA agent, you cannot assign the person to another RA agency yourself, but we can assign users the role of “Master RA Agent” in your RA agency. To do so, please give us the name and mobile number of this user via our contact form [link] (select option: appoint “invisible” user as RA agent). We will then take over the role assignment and give you feedback.
Standard RA agents: can identify and register persons for the electronic signature with the RA App.
Master RA agents: can also log into the admin portal and manage the users, RA agents and Master RA agents of their own RA agency. Furthermore, Master RA Agents are first point of contact for their Standard RA Agents, if they have any questions or problems. Master RA agents can contact us with questions and issues via the contact form [Link].
Having two Master RA agents is very useful. You do not necessarily need to appoint more Standard RA Agents, as Master RA Agents can also identify people with the RA App. However, we generally recommend a good mix of Standard and Master RA agents in your RA agency.
Yes, this is possible without any problems. To become a Master RA Agent, the person must be identified via the RA App. It does not matter which RA agency the RA agent who performs the identification belongs to.
It is just that you will not see the user entry of this person under your own users in the admin portal afterwards. Therefore, you cannot assign the role of Master RA Agent to this person yourself; we would have to do this for you. A notification can be made via the contact form [link] (option: appoint “invisible” user as RA agent).
No, a Master RA Agent may never assign the role of RA Agent in his RA Agency to persons outside the organisation. If desired, the client could conclude a separate RA agency contract with Swisscom.
As a Master RA Agent, you can appoint external (e.g. temporary) employees as Standard RA Agents if the said employee works on behalf of your organisation and also has a valid contract with your company or organisation.
Please do not forget to delete the role “RA Agent” for this external employee if he or she is no longer working for your organisation.
You may act for the company that has a valid RA agency contract with Swisscom and whose Master RA agent has appointed you as RA agent. The prerequisite in each case is that they have a current contract with this company, e.g. an employment contract, temporary or fixed, a project assignment or similar. If a person works for two companies, then both companies must have an RA agency contract and that person must have an RA agent role in both RA agencies so that they can also identify people for both RA agencies.
Please note: As an RA agent, you can identify people as you wish, including people from outside companies or individuals. It is simply not allowed to have non-company RA agents working for an RA agency.
R | Troubleshooting RA agency and compliance
It often happens that an RA agent reports to the Master RA Agent on his own initiative because he is unsure afterwards, e.g. because he has “tricked” the RA App. Or you as the Master RA Agent see names in your users’ data in the Admin Portal that cannot be correct, e.g. “Dtt” instead of “Ott”, or “Alexan” instead of “Alexandra”. In such cases, the identification must be repeated and you should remind the RA agent of his duties, possibly even trigger a training again.
Unfortunately, there is no reliable method to detect faulty registrations, except for the concrete check of user entries based on the ID documents presented during identification. However, we at Swisscom or our auditors only carry out such checks on a random basis.
We have a few colleagues and also partners in Germany who carry out identifications with the RA App. Of course, it would be easier to use the video identification procedure, SRS Bank, SRS eID or SRS Selfie Ident to register persons in the EU area for QES. Unfortunately, these identifications are not permitted for QES in Switzerland, where it is mandatory to register using the RA app.
You can find more information on SRS Direct
Try the following:
- Restart your mobile phone: as we all know, a reboot is always good for you!
- For Mobile users: Test your Mobile ID at mobileid.ch/login.
In the following situations, you need to be identified again:
- A new mobile number
- A new SIM card
- A new mobile phone
- Switched to eSIM
- Activated your Mobile ID (SIM) or Mobile ID App without using the recovery code.
- Changed your authentication method, e.g. from Mobile ID SIM to Mobile ID App or vice versa; from password SMS code procedure to Mobile ID and vice versa.
- changed your secure password when using the password/SMS code procedure
- Transferred your mobile phone contract, e.g. also changed provider
- Got a new passport or ID card because the old document had expired.
Please check here if you are correctly registered: https://check-signing.trustservices.swisscom.com/
You must have a successful result on this page to be able to login, otherwise you need to get identified again.
After re-identification, you must also be reassigned the Master RA Agent role, as there is a new user entry.
For users in Switzerland, the Mobile ID SIM method has priority over the Mobile ID app. We recommend that you choose one Mobile ID method and deactivate the other. You can deactivate the respective Mobile ID method in the Mobile ID Dashboard: www.mobileid.ch/login
You will not receive any notification in the Admin Portal. Users get a notification by SMS 3 months and again 1 month before the expiry of their ID card or passport. And as a Master RA Agent, you are also a user.
Option 1: You have not answered all knowledge questions, therefore the e-learning is not yet completed. Please answer all knowledge questions so that you reach the green cup. Afterwards you will receive another SMS with the link to the duties of RA agents. Only after you have accepted these duties, you can log in to the RA App.
Option 2: You have
- changed or reset your password for the password/SMS code procedure
- activated the MobileID (SIM or App) after you identified yourself
- Re-activated MobileID or changed the Mobile PIN without using the Mobile ID Recovery Code.
- Received a new SIM card, eSIM, mobile phone number or mobile phone, changed your provider
For any of these events, Swisscom can no longer guarantee that the same person is in possession of the phone number that was validated during the identification by the RA agent. For security reasons, you will need to re-identify yourself and ask your Master RA Agent to reassign the RA Agent role to you.
Please note: the RA Agent role must first be deleted and then completely reassigned in the admin portal.
A prospective RA agent has 15 days to complete the RA agent basic e-learning. If the RA Agent misses this deadline for completing the basic e-learning, the role assignment is deleted from the system and the Master RA Agent must reassign the RA Agent role.
Standard RA agents have no insight into the users they identify.
If a security incident occurs, Swisscom analyses what exactly happened. Then Swisscom performs an assessment of the impact as well as the risk for their services and any persons affected. After this assessment, measures are derived to remedy the security incident and avoid similar incidents. The affected customers are notified and sensitised when certain measures are implemented and appy to them.
A customer has appointed persons from outside the organisation as RA agents in his RA agency. Swisscom has become aware of this and has opened a security incident, as this is not permitted due to compliance requirements. Swisscom’s assessment and evaluation showed that this was a security incident (minor incident) for the service. Swisscom then raised awareness of this issue with the customer and asked them to remove the RA agent role from all non-organisation personnel. In addition, Swisscom has sharpened the topic in the training documents.
Once RA agents are “deposited” in the agency, the name of the RA agency can no longer be adjusted. If the company name is changed, we have to create a new RA agency and the network of RA agents has to be rebuilt.