Every member of a higher education institution in Baden-Württemberg (university, college, PH, HAW, etc.) has a personal account for accessing the IT services provided by their institution. If the institution participates in the federated identity management system bwIDM, its members can also apply for additional IT services offered by other participating institutions.

To allow external IT services to identify users, certain personal data is transmitted during registration and/or use of the service. Federated identity management ensures, through a model of mutual trust, that the external service can verify the user’s affiliation with their institution — confirming that the account is valid and the user is officially recognized. Within the bwIDM Federation, participating institutions have agreed on a minimum set of personal data that is transmitted to external IT services. This includes standard attributes such as eduPersonPrincipalName, mail, and givenName.

Some services, however, require additional information — for example, whether a user’s home institution is authorized to access a particular external service. This is handled through the assignment of special attributes, such as eduPersonEntitlement, to the user's account.

To access and use bwCloud-OS, you need a valid bwCloud(-OS) entitlement. A detailed overview of current regulations can be found on the page Entitlements in bwCloud-OS.

📌 Note: The bwCloud(-OS) entitlement model is currently being restructured and subject to change.

To view information about bwIDM services linked to your account, log in to the "RegApp".

For detailed information on the entitlements associated with your account (including those for services not yet registered), navigate to:

Index → Personal Data → Shibboleth

In the Value column, you should see entries such as bwCloud-Basic or bwCloud-Extended. If such an entry containing bwCloud exists, you are entitled to register for and use bwCloud-OS. Which specific entitlement you have is determined by your home institution and cannot be changed by you or the bwCloud-OS team.

The assignment of entitlements is exclusively managed by your home institution. The bwCloud-OS team does not have the authority to add or remove entitlements on user accounts.

If your account lacks the necessary entitlement, please contact your institution’s central IT service department or service desk.

In bwCloud-OS, a region refers to one of the four operating sites: Freiburg, Karlsruhe, Mannheim, and Ulm. Each region runs its own infrastructure but is accessible through a shared interface (Dashboard).

Resources such as virtual machines (VMs, instances), networks, and storage are bound to the region in which they are created. For example, an instance launched in the Mannheim region will receive an IP address from Mannheim’s specific IP range(s) — this address cannot be transferred to another region.

You can switch between regions in the Dashboard interface as described here.

In bwCloud-OS, each user is initially assigned a home region during account setup. For users from one of the four operating sites (Freiburg, Karlsruhe, Mannheim, Ulm), this assignment is straightforward. For users from other institutions, the assignment is based on the network topology of BelWue — aiming to route each user to the nearest operating site for optimal connectivity. However, you can apply for a project with resources (also) in other regions.

A table showing the current home region assignments can be found here.

You can select a region from the drop-down menu located on the left side of the top navigation bar in the Dashboard. The currently active region is marked with a checkmark. Simply click on a different region in the list to switch to it.