spaces.internet2.edu has been upgraded to Confluence 6.5.0. If you have any questions and/or concerns, please contact us at websupport@internet2.edu
Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info
titleSSO and MFA Currently in Pilot

The use of single sign-on and multifactor authentication for accessing the Comodo Certificate Manager is in pilot mode for the month of September 2017. If your campus would like to participate in the pilot, contact Paul Caskey (pcaskey@internet2.edu).

We anticipate moving to production during October Fall 2017.

The InCommon Certificate Service offers single sign-on convenience, and the security of multifactor authentication (MFA), for logging in to the Comodo Certificate Manager (CCM) buy those who administer their organization's certificates.

  • Single sign-on (SSO) is available to both RAOs (Registration Authority Officers) and DRAOs (Departmental Registration Authority Officers)
  • The organization must have an identity provider (IdP) in the InCommon Federation
  • The organization's IdP must be configured to support the new REFEDS MFA profile

Benefits

The benefits of using SSO and MFA include:

  • Removes the need to maintain a separate set of login credentials with the Comodo Certificate Manager
  • Eliminates the need for the RAO to request password resets from InCommon (which is time-consuming for both RAOs and InCommon staff)
  • The InCommon Certificate service is used by organizations as the basis of internal and external trust. Protecting it with MFA reduces the likelihood of stolen credentials.

  • MFA protected SSO increases security by leveraging protected campus credentials that RAOs already use in their local context to access higher security services.


Note
titleSeeking Pilot Participants


If your campus would like to participate in the pilot, contact Paul Caskey (pcaskey@internet2.edu).

Requirements:

  1. Currently use federated identity management (that is, you have an identity provider deployed in the InCommon Federation)

  2. Currently use multifactor authentication