Join InCommon


InCommon Academy

IAM Online

InCommon’s mostly monthly webinar series that delivers interactive education on timely IAM topics. Watch it live or catch the recording at your convenience. IAM Online is presented by InCommon and the EDUCAUSE Higher Education Information Security Council.

Going Passwordless at Stanford

Wednesday, November 13, 2019
2 pm ET / 1 pm CT / Noon MT / 11 am PT

Realizing our long-term vision of strong user authentication coupled with endpoint security posture enforcement at Stanford, last year we deployed the final component: client certificates that strongly authenticate both the user and the device. We’ll describe the underlying systems and key design decisions while highlighting lessons we learned along our six-year journey. Join us to hear this story of dramatically improving security and user experience simultaneously.


Michael Duff, Stanford University
Tom Barton (moderator), University of Chicago and Internet2

Connect live

Our webinars are held the second Wednesday of every month. They are held at 2 pm ET, 1 pm CT, Noon MT, and 11 am PT.

IAM Rewind

Recent IAM Online topics and recordings

Check out the YouTube IAM Online channel, in cooperation with our European partner GEANT.

Our most recent webinars are listed here.

Containerization: Streamlining Operations and Reducing Downtime (October 2019)

October 9, 2019

Download the slides (PDF)
View the recording

What is all the fuss about Docker and containers, anyhow? What are the advantages of using containerized versions of Shibboleth and Grouper provided by the InCommon Trusted Access Platform? Why might you want to “Dockerize” other in-house applications and services? How can you get started?

Learn how the University of Maryland Baltimore County (UMBC) streamlined operations and reduced downtime by moving the Shibboleth Identity Provider from standalone VMs to Docker containers. We’ll discuss what motivated this, how UMBC introduced Docker to its existing environment, how they ultimately transitioned to a container-only deployment, and what’s ahead. Hear about UMBC’s initial roll-out of Grouper using the InCommon Trusted Access Platform and plans to migrate the campus ERP software (PeopleSoft) to containers.

Real-world Experience Moving IdM to the Cloud at Illinois (Sept 2019)

Download the slides (PDF)
View the recording (YouTube)

September 11, 2019

Are you considering moving some or all of your identity management infrastructure to the cloud? Want to know more about using containerized software?

Learn how Illinois chose their path to leverage “the cloud” and their “cloud-first” strategy. The implementation team at the University of Illinois at Urbana-Champaign will share their path to deployment of access management software in the cloud. What started as a Grouper product evaluation led to adapting the InCommon Trusted Access Platform into a continuous integration and continuous development “DevOps” process using low- or no-cost open-source tools.

Hear about the successful deployment of Grouper and planned migration of the  Shibboleth IdP infrastructure to Docker containers in AWS using the Elastic Container Service “Fargate.” This presentation revisits our popular presentation and demo at the 2018 Internet2 Global Summit as an update of sorts with our current state of affairs.


Erik Coleman, University of Illinois at Urbana-Champaign
Keith Wessel, University of Illinois at Urbana-Champaign

We’re moving your metadata, not your cheese – a webinar on the release of the production candidate service (July 2019)

July 9, 2019

InCommon moves its new metadata service into production on July 9 (as a release candidate for early adoption). This new service – called per-entity metadata or metadata query (MDQ) – will significantly reduce resource utilization on participants’ federation deployments by providing a new way to retrieve metadata.

Download the slides (PDF)

View the recording

Shibboleth development roadmap and consortium update (April 2019)

Wednesday, April 10, 2019

The Shibboleth Consortium is an international non-profit consortium that is responsible for the development, support, maintenance, and strategic direction of the Shibboleth software, which is prevalent in InCommon and federations worldwide.

In the two years since the Consortium was last presented at IAM Online, its membership has grown significantly, largely from US institutions joining. The growth in membership has placed the Consortium on a stronger financial footing, and enabled expansion in the development team.

As we move into the second quarter of 2019, this webinar will provide a short update on the status of the Consortium before moving to present the Shibboleth development roadmap for the next 12 months, seeking feedback from the community of users.


  • Scott Cantor (Ohio State), Shibboleth Developer and Board Member
  • Justin Knight (Jisc), Shibboleth Consortium Manager

CILogon and eduTEAMS: Collaboration and virtual organizations made easy (March 2019)

March 20, 2019

Are you interested in exploring ways that federation and identity management can be easier for research projects, virtual organizations, and other collaborations? Join us to learn about two new services: CILogon’s subscription federated identity platform, and GÉANT’s eduTEAMS service for managing user membership and access rights.

CILogon’s new subscription service offers a hosted federated identity and collaboration management platform for research projects on campus. Developed under funding from the National Science Foundation and the Department of Energy, CILogon’s open source software-as-a-service platform builds on the Shibboleth and COmanage software.

Leveraging the ubiquitous presence of eduGAIN federated identities, eduTEAMS – a service provided by GÉANT – enables communities to securely access and share common resources and services. Implementing the AARC Blueprint Architecture, eduTEAMS provides a central point for communities to manage user membership and access rights, connect services and identity providers and centrally apply access policies.


  • Tom Barton, Moderator, University of Chicago and Internet2
  • Jim Basney, Senior Research Scientist, National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign
  • Christos Kanellopoulos, Senior Trust and Identity Manager, GÉANT

OpenID Connect and OAuth in the R&E community (Dec. 2018)

December 12, 2018

How are trust and identity initiatives shaping the adoption of OpenID Connect (OIDC) and OAuth 2.0 technologies within and for the research and education community? How can home organizations and research projects ensure these technologies deliver what we need for use cases involving multiple institutions? Llearn how InCommon, REFEDS, GÉANT, and others are coordinating efforts to influence the evolution of these technologies, including the creation of a R&E working group within the OpenID Foundation. Attendees will learn practical ways to navigate this landscape, with recommended actions to plan for in 2019.


  • Rachana Ananthakrishnan, Globus
  • Roland Hedberg, Catalogix
  • David Vaghetti, Consortium GARR
  • Albert Wu, InCommon/Internet2


  • Nathan Dors, University of Washington

IAM Access Governance and Grouper 2.4 (Sept. 2018)

September 12, 2018

Interested in the Internet2 IAM software suite (a.k.a. TIER)? Planning on deploying or upgrading Grouper? Join us for the next IAM Online, which will focus on the TIER access governance strategy described in the Grouper Deployment Guide, a comprehensive document developed collaboratively by and for the trust and identity community.

Bill Thompson will lead you through these topics and touch on the container-based architecture of the Internet2 TIER packaged software. In addition, Chris Hyzer will touch on the features and changes in the new Grouper release (v2.4).


  • Chris Hyzer, University of Pennsylvania
  • Bill Thompson, Lafayette College


  • Michael Gettes, University of Florida

Identity Matching: How to know who’s who (Aug. 2018)

August 8, 2018

Identity Matching is an essential part of any institution’s identity management processes. When a new student or employee enters the system, are they already known from a previous affiliation? What if an error is corrected later in their identity data? How does the system detect possible duplicate identities later? Doing identity matching well is really hard, but preventing duplicate identities or cases of mistaken identity can lead to some sticky situations.

In this IAM Online, you’ll hear from two speakers with ideas to help you improve your identity matching practices. Summer Scanlan will talk about some of the procedures used at the University of California, Berkeley for identity matching and her work to continue to improve them. Ben Oshrin from Spherical Cow Group will explain the technology behind identity matching and give a sneak peek at identity matching work coming out of Internet2’s TIER initiative.


  • Benn Oshrin, Spherical Cow Group
  • Summer Scanlan, University of California, Berkeley


  • Keith Wessel, University of Illinois at Urbana-Champaign