The use of single sign-on and multifactor authentication for accessing the Comodo Certificate Manager is in pilot mode for the month of September 2017. If your campus would like to participate in the pilot, contact Paul Caskey (firstname.lastname@example.org).
We anticipate moving to production during October 2017.
The InCommon Certificate Service offers single sign-on convenience, and the security of multifactor authentication (MFA), for logging in to the Comodo Certificate Manager (CCM) buy those who administer their organization's certificates.
The benefits for using SSO and MFA include:
The InCommon Certificate service is used by organizations as the basis of internal and external trust. Protecting it with MFA reduces the likelihood of stolen credentials.
MFA protected SSO increases security by leveraging protected campus credentials that RAOs already use in their local context to access higher security services.
As adoption grows, there will be a reduced load on InCommon staff due to password resets for the CCM, a time-consuming process.
The InCommon Certificate Service, in conjunction with service provider Comodo, will provide single sign-on functionality for the Comodo Certificate Manager (CCM), as well as support for multifactor authentication (MFA). XXX current Certificate Service subscribers are part of a pilot program, which will test the functionality and processes during the month of September 2017. Full production availability is expected by mid-October.
The single sign-on (SSO) feature is available only for those campuses that participate in the InCommon Federation, which provides the SSO infrastructure, and have a local MFA deployment on campus. Multifactor authentication requires the use of the username and password, as well as a second authentication factor (typically responding to a text message or other communication via a cell phone).Those institutions who do not have either MFA capability or an identity provider in the InCommon Federation will be addressed in future phases of this program.
“This is a highly requested and long-awaited feature for our community,” said Paul Caskey, program manager for the InCommon Certificate Service. “The InCommon Certificate service is used by organizations as their basis of internal and external trust. Protecting it with MFA reduces the likelihood of stolen credentials.”
This process removes the need for the organizational administrators to maintain a separate set of login credentials at Comodo, instead using their campus credentials through the InCommon Federation. This will also reduce the demand placed on the InCommon help desk by time-consuming password reset requests for the CCM.