IAM Online

Many institutions operate in a hybrid state, juggling on-premises identity systems with cloud-based IAM solutions. As the shift toward cloud infrastructure and SaaS services accelerates, institutions making these transitions must weigh greater scalability, flexibility, and integration options with challenges like licensing costs, integration complexity with legacy systems, and vendor dependence. With no one-size-fits-all approach, each institution must navigate its own path forward.

Join IAM practitioners from Southern Methodist University (SMU) and the University of Virginia (UVA) as they share how their institutions are navigating the evolving IAM landscape. SMU recently transitioned its primary identity provider from on-premises (Shibboleth) to the cloud (Entra ID) while maintaining a hybrid environment—offering insights into their motivations, lessons learned, and strategies for process, stakeholder communication, and user education. UVA will discuss its approach to fully leveraging Entra ID while unifying two separate SSO solutions, sharing key considerations behind their decisions and how they are managing change. Both institutions will provide valuable takeaways on navigating these shifts and preparing for the future.

Speakers:
Tommy Doan, Identity Management Lead, Southern Methodist University
Kellen Murphy, Identity Architecture & Solutions Engineer, University of Virginia

Moderator:
James Cramton, Trust and Identity Industry Relationship Manager, Internet2

2025 Identity Trends & Forecasts for the Year Ahead: What’s Taking Center Stage in Research & Education

What critical trends will shape IAM in 2025? InCommon Catalysts come together to share their predictions and insights on four critical areas of focus set to reshape identity management for R&E: AI-powered IAM operations, CACTI’s (Community Architecture Committee for Trust and Identity) work around OpenID Federation, the power of proxies, and essential lessons learned from higher education C-suite leaders. These experts will explore what these trends mean for your institution and their importance in the coming year.

Join leaders from Provision IAM, Instrumental ID, OmniBond, Unicon, Cirrus Identity, and Evolveum as they share insights on these critical developments and their implications for research and education institutions. Whether you’re evaluating AI capabilities, preparing for evolving federation standards, bringing new technologies into an existing environment with proxies, or seeking to better align IAM with institutional priorities, this discussion will provide valuable insights for your 2025 planning.

Speakers:
Stephen Fox, Sr. Software Engineer, Provision IAM
Zac Adams, Sr. IAM Architect – DevOps/SRE, Instrumental Identity
Drew Capener, Software Engineer, Omnibond
Paul Spaude, Sr. Software Engineer, Unicon
Mark Rank, Director of Product & Compliance, Cirrus Identity
Simona Simkova, Business Development Representative, Evolveum

Moderator:
James Cramton, Trust and Identity Industry Relationship Manager, Internet2

One Year In: InCommon’s Future

In March 2024, InCommon launched its ambitious Futures2 Strategy, aiming to become the trusted authority for Identity and Access Management (IAM) in Research and Education. This webinar reflects on the first year of progress, highlighting key initiatives such as the development of audience-specific resources to support teaching and learning, federal agencies compliance, and shared IAM architectures. Join us to explore lessons learned, successes achieved, and areas for continued focus as InCommon advances its 2028 vision of advancing secure, interoperable digital collaboration and resource sharing for Research and Higher Education.

Speakers:
Ann West, Associate Vice President, Trust & Identity, Internet2
Kevin Morooney, Vice President for Trust and Identity and NET+ Services, Internet2
Steve Zoppi, Associate Vice President of Services Integration and Architecture at Internet2

IAM in Higher Ed: Balancing Security and Ease of Use

As social engineering attacks such as phishing, fraudulent password reset requests, and identity fraud become increasingly MORE FREQUENT AND sophisticated, universities must find ways to strengthen security without sacrificing user convenience. Help desk processes—often designed to be user-friendly—can be a prime target for exploitation, making the balance between security and convenience critical.

In this webinar, join Matt Morton, Assistant Vice President and CISO at the University of Chicago, along with Eric Zematis, CISO, and Forest Crowley, Security Architect/IAM Manager at Lehigh University, as they share their insights on combating these threats. Discover practical strategies and lessons learned from these two institutions and explore how you can protect your organization from social engineering threats without undermining the IAM user experience.

Speakers:
Matt Morton, Assistant Vice President and CISO | University of Chicago
Eric Zematis, CISO | Lehigh UniversityForest Crowley, Security Architect/IAM Manager | Lehigh University

Moderator:
Jeremy Rosenberg, Assistant Vice President for IT and Chief Information Security Officer at Yale University

7 things you should do to improve your user’s security on eduroam

The eduroam Advisory Committee is setting new Baseline Expectations to make eduroam more secure, with a draft coming soon for community feedback. But you don’t have to wait to start improving your deployment.

Join Margaret Cullen and Josh Howlett, members of the eduroam US operations team, for this webinar focused on practical tips and quick wins to improve performance and security for your eduroam network.

They’ll share how to implement simple changes that reduce data leaks, promote privacy-preserving user behavior, and make it easier for eduroamers to seamlessly connect to your hotspot.

Speakers:
Margaret Cullen, Internet2 eduroam US Operations Team
Josh Howlett, Internet2 eduroam US Operations Team

Moderator:
Derek Eiler, Principal Systems Engineer, Nevada System of Higher Education & eduroam Advisory Committee member

Passkeys: What You Should Know and UMBC’s Implementation Journey (September 2024)

Paul Riddle, Senior Middleware Architect at University of Maryland Baltimore County (UMBC) and Drew Capener, Software Engineer at Omnibond, will provide an overview of passwordless authentication using passkeys, with special emphasis on deploying the technology in a research and education context. They’ll also discuss UMBC’s journey implementing passwordless authentication on their Shibboleth IDP using Omnibond’s passwordless plugin, OmniPasskey.

Speakers:

Paul Riddle, Senior Middleware Architect at University of Maryland Baltimore County (UMBC)
Drew Capener, Software Engineer at Omnibond

Implementing Grouper ABAC (July 2024)

Tune in to our July webinar featuring speakers from the University of Michigan. Join us to discover how they have leveraged Grouper ABAC for innovative access control solutions.

At the University of Michigan, we have found that Grouper ABAC allows us to provide access control groups for units that we could not have sustainably made or managed with reference groups and custom loaders. ABAC lets us keep the affiliation data fields in context, which is crucial for accurate access control. This enables distributed access control management while maintaining good auditability.

In conversations with other institutions, we learned that several other Grouper implementers were struggling with the same reference group conundrum that we faced. We would like to share our discoveries and processes to encourage other Grouper implementers to consider ABAC as well.

Speakers:
Gail Lift, Application Developer Lead
Bruce Timberlake, Application Systems Administrator Senior

Contributor:
Liam Hoekenga, Application Developer Senior

Check out our Speaker Spotlight for this webinar

Playbook – Effective Strategies for Cybersecurity, Digital Trust, and Community Engagement (June 2024)

Watch the recording | Download the slides

Join us for this exciting webinar featuring Dr. Donna Kidwell, CISO and Deputy CIO at University of Toronto, renowned for her expertise in cybersecurity, digital trust, and community engagement. Dr. Kidwell will delve into her recently released playbook, a comprehensive guide for navigating the complex world of digital trust.

Drawing on her experience at Arizona State University protecting over 177K students and 17K faculty from cybersecurity threats, Dr. Kidwell will share invaluable strategies for bolstering cybersecurity, building trust, and creating inclusive workplaces. From decision-making structures to procurement processes, this playbook offers practical insights for adapting to an increasingly digitized world. See the Playbook.

IAM 101 – The 2024 Edition (May 2024)

Get up to speed on Identity and Access Management (IAM) before InCommon BaseCAMP 2024! This webinar lays the groundwork for understanding IAM in the dynamic research and education landscape and tips and lessons learned around core principles, practices, and essential functions of a robust IAM program. Whether you’re a seasoned pro or a newcomer to the field, this session will provide valuable insights to help you navigate the complex landscape of IAM. Plus, this webinar is the ideal primer for those planning to attend BaseCAMP 2024.

Check out our Speaker Spotlight on Grady Bailey.

Speaker:

- Grady Bailey, Team Lead and Senior Software Engineer, University of Texas at Austin

InCommon Futures2: The Conversation Continues (April 2024)

Last month’s release of the InCommon Futures2 Report, “Promoting Digital Collaboration, marked an especially exciting and important time for IAM in the research and education community. The report represents the culmination of a strategic planning process we began in June 2023 to help guide a vibrant future for InCommon and explore the identity and access management (IAM) challenges facing the research and higher ed community.

With the community’s leadership, we developed a shared statement of direction and strategic objectives that will drive where our IAM capabilities collectively need to be in 2028. Kevin Morooney and Marc Wallman will present the final InCommon Futures2 report, review the implementation timeline, and answer questions around the InCommon plan to standardize tools and services used by our community. We encourage you to review the report’s Executive Summary before the webinar. You can also download the full report.

(This is an encore presentation of a session facilitated at the 2024 Internet2 Community Exchange in Chicago)

Speakers:

Marc Wallman, Vice President, Information Technology Division, North Dakota State University
Kevin Morooney, Vice President of Trust and Identity and NET+ Programs, Internet 2

Zero Trust: Identity’s Critical Role (March 2024)

Oregon State University’s Identity and access management team will discuss its implementation of Zero Trust through its “Smart Access” program. The Smart Access program enables a foundational capability to provide and secure appropriate access to data and systems. As part of the Smart Access program, Oregon State University completed an RFP, purchased a commercial IGA (Identity Governance and Access) system, and hired an implementation partner. Attendees will come away with an understanding of Zero Trust goals for a large R1 university and its approach to implementing Zero Trust principles.

Speakers:

Andy Morgan and Jason Peak, Analyst Programmers, IAM, Oregon State University

Moderator:

Tom Barton, InCommon Research Consultant, Internet2

The Year Ahead in IAM, the 2024 Edition: Ideas & Insights from InCommon Catalysts (February 2024)

Get an hour of insights from InCommon Catalysts. You’ll benefit from their expert analysis of how current trends in identity and access management will play out in the year ahead as well as their forecast for what’s next.

Speakers: Dedra Chamberlin, Cirrus Identity; Simona Simkova, Evolveum; Paul Hodgdon, Instrumental Identity; Jim VanLandeghem, Moran Technology Consulting; Drew Capener, Omnibond; Stephen Fox, Provision IAM; Charise Arrowood, Unicon; Netta Caligari, West Arete

Moderator: Ann West, Internet2

Multilateral Federation Guidance from Microsoft and Its Potential Impact on the R&E Community (January 2024)

When Microsoft published documentation and guidance on multilateral federation for Azure Active Directory (now Microsoft Entra ID) campuses last spring, it was the culmination of several years’ worth of collaboration between Microsoft, IAM industry providers, and the InCommon community. Listen to this discussion about its potential impact on the research and education community. Our speakers shared more about the significance of this milestone, how the R&E community worked together to make it happen, how two campuses integrated Entra ID and the Cirrus Identity Bridge for multilateral federation, and the possibility it will pave the way for R&E working more cooperatively with industry identity solutions.

Speakers: Corey Lee, Microsoft; David Warden & Jack Truckenmiller, SUNY Geneseo; Stephen L. Tycer & Selena Hriz, University of Arkansas

Moderator: Mary McKee, Cirrus Identity

eduroam Logs: Demo of Grafana with IAM (November 2023)

InCommon Catalysts Evolveum and Provision IAM, in collaboration with Internet2, deliver a live demonstration of using midPoint to manage authorized access to eduroam logs via Grafana/Loki. Administrators of eduroam that log into the Federation Manager can click over to a Grafana/Loki instance that lets them see their organizations’ logs based on what has been logged in the national infrastructure. Observe a comprehensive demonstration of integrating a new service with midPoint, illustrated on the eduroam log service. An analogous approach can be used for other Integrations.

Speakers: Matt Growden & Stephen Fox, Provision IAM; Paul Caskey & Johnny Lasker, Internet2;
Slavek Licehammer, Evolveum

Moderator: Brett Bieber, University of Nebraska, Chair – eduroam-US Advisory Committee

Case Study Showcase: Practical Applications of the InCommon TAP Components (October 2023)

Hear from institutions about their success deploying Shibboleth, Grouper, COmanage, and midPoint. Four of your peers gave lightning talks focusing on what worked and what didn’t as they deployed various components of the InCommon Trusted Access Platform. See what’s possible if you follow their do’s and avoid their don’ts!

Speakers: Grady Bailey, University of Texas Austin; Jeffrey Crawford, University of California, Los Angeles; Matthew Economou, Research Data and Communications Technologies; Jeremiah Haywood, Illinois State University

Purdue University’s IAM Modernization Success Story (September 2023)

Hear about the real outcomes of Purdue’s IAM modernization journey. Learn what worked, what did not, and how their team accomplished its goals. We discussed the different stages in the process from gathering initial requirements and negotiating political nuances to developing strategy and achieving tactical successes. Find out what’s needed to begin on your institution’s IAM modernization journey.

Speakers: Mandi L. Witkovsky, Director of Identity & Access Management, Purdue University

Moderator: Charise M. Arrowood, Executive Director, Business Development, InCommon Catalyst Unicon Inc.

How to Sirtfi – Going Beyond the Federation Security Checkbox (July 2023)

The InCommon Sirtfi Exercise Planning Working Group (SEPWG) offered a teaching session on what Sirtfi is, but went into more in depth as to how to institutionalize its practice in InCommon participants’ security teams. It’s more than publishing a security contact and checking the metadata box. It requires that security teams are familiar with federation and Sirtfi expectations, when in many organizations the security teams and the identity and access management (IAM) teams more used to dealing with InCommon and federation are not integrated. IT leaders and IAM teams got ideas on how they need to work with their security teams to make their organizations Sirtfiably Sirtfi’d.

Speakers: Kyle Lewis, co-chair, InCommon’s Sirtfi Exercise Planning Working Group (SEPWG) and vice president of cybersecurity strategy at InCommon Catalyst RDCT

Moderator: David Bantz, University of Alaska Statewide System, chair, InCommon Community Trust and Assurance Board (CTAB) and SEPWG co-chair

InCommon IAM 101 (June 2023)

This special edition of IAM Online provided an overview of the key aspects of identity and access management in R&E, including IAM as a practice in higher education and essential functions of an IAM practice.

It’s just the right webinar for you if you need a brief refresher or a current or new member of your team does. As a bonus, this session took place just a few weeks before InCommon BaseCAMP 2023. It’s a great primer for those attending that event.

Speakers: Benjamin Rappleyea, manager, Office of Identity and Access Management, Illinois State University

Moderator: Marta K. Lang, senior IT manager, Identity & Access Management, The University of Texas at Austin

InCommon’s Future: Get In On the Discussion (May 2023)

We provided a review of the current state of InCommon’s identity and access management tools and services and shared more about our implementation plan and timeline for future innovations. The InCommon Steering Committee is undertaking a strategic planning project (InCommon Futures 2.0) that will touch many community leaders in higher education IAM, and we need your input. Be a part of a discussion that will address where InCommon is heading this year, the expected outcomes associated with the InCommon Futures 2.0 planning process, the current state of the planning process, and next steps. (This is an encore presentation of a session facilitated at Internet2’s Community Exchange.)

Speakers: Marc Wallman, Vice President, Information Technology Division, North Dakota State University; Ann West, Associate Vice President, Trust & Identity, Internet2

Moderator: Kevin Morooney, Vice President of Trust and Identity and NET+ Programs, Internet2

Getting IAM Done. Better. Faster. Together. (April 2023)

Panelists shared their experiences with the InCommon Collaboration Success Program (CSP) program and how it is helping them to achieve their IAM goals. They discussed how they got involved with Internet2/InCommon and what led them to the Collaboration Success Program as well as sharing the highlights of their CSP project work. Attendees learned about the overall experience and benefits of participating in CSP.

Speakers: Erik Coleman, IAM Architect, University of Illinois – Urbana-Champaign; Anne Tacazon Interim Business Service Manager, Identity & Access Management, University of Washington

Moderator: Jean Chorazyczewski, InCommon Academy Director

Self-Sovereign ID: The Future of Learner, Teacher, and Researcher Credentials in the Academic Identity Landscape (March 2023)

Mobility and portability top the list of attributes today’s digital citizens expect from technologies they use in their everyday lives. With these attributes comes some degree of control over how they manage their digital identity. The overarching term used to describe this growing trend is self-sovereign identity (SSI), an approach to digital identity that gives individuals control over the information they use to prove who they are to websites, services, and applications across the web. In this regard, what are the implications – both opportunities and obstacles – for the research and education (R&E) community?

The discussion focused on the common challenges in implementing learner or researcher credentials using new technologies, including differences and similarities between the U.S. and Europe; the next steps that the R&E community needs to take to prepare for this future direction, how existing academic federations fit into this space, and what colleges and universities can do to begin preparing for this future.

Speakers: Niels van Dijk, Technical Product Manager, Trust & Security, SURFnet; Kerri Lemoie, Director of Technology, Digital Credentials Consortium, MIT

Moderator: Nicole Roy, Director of Technology and Strategy, InCommon

From Modernizing Our Use of Grouper to Provisioning with midPoint and Developing Standard Populations (February 2023)

Long-time users of Grouper, the IAM team at University of Wisconsin–Madison, played a key role in the university’s Interoperability Transformation Initiative, which aimed to modernize the ways people connect while managing digital infrastructure and services at pace and scale. One of its key outcomes was moving Grouper from on prem to hosting it in AWS. Now the team is in the process of implementing midPoint as a mechanism for offering campus stakeholders central provisioning and deprovisioning options and infrastructure. Additionally, the team has engaged in policy development to define standard populations for their campus constituents. Members of the UW–Madison IAM team will join us for IAM Online where they will share the strategy and methodology behind their work, including moving Grouper from on prem to the cloud, implementing midPoint for provisioning and deprovisioning, standardizing populations and migrating services to use new standards, and what aspects of the team’s approach might be applicable to your institution? Learn more and bring your questions.

Speakers: Abrianna Barca, associate director, Identity and Access Management; Ryan Larscheidt, IAM technical lead; Andrew Parmer, IAM technical lead; and Oakes Dobson, IAM engineer

Moderator: Erik Coleman, IAM Architect, University of Illinois – Urbana-Champaign

The Year Ahead in IAM: Ideas & Insights from InCommon Catalysts (January 2023)

We kicked off our 2023 IAM Online webinar series with an hour of insights from InCommon Catalysts. Attendees benefitted from their expert analysis of how current trends in identity and access management will play out in the year ahead as well as their forecast for what’s next.

Speakers: Jim Basney, CILogon; Dedra Chamberlin, Cirrus; Simona Simkova, Evolveum; Jim VanLandeghem, Moran Technology; Stephen Fox, Provision IAM; Charise Arrowood, Unicon; and Netta Caligari, West Arete

Moderator: Ann West, AVP – Trust & Identity, Internet2

Extending IAM to the Cloud: It’s Still Your Program (November 2022)

Watch the Video

Is your organization considering including cloud offerings in your identity and access management strategy (IAM) strategy? Maybe you’ve already extended your IAM program to include one or more cloud services. Maybe you’re just starting to consider options. No matter where you are today, it’s likely that your IAM program will include “the cloud” soon, and in fact you may be “in the cloud” now without fully realizing it.

Members of Internet2’s Community Architecture Committee for Trust and Identity (CACTI) discussed some of the important, but sometimes less obvious considerations to address when adding or moving to cloud-based IAM services. They looked at different approaches for utilizing the cloud in your IAM program, considered what capabilities they can offer, and what you’ll need to preserve locally, and discussed some of the community-supported resources that may help.

Speakers: Margaret Cullen, president & CEO, Painless Security, and Kevin Hickey, director of information security, University of Detroit Mercy

Moderator: Rob Carter, Consultant, Duke University

Going Password-Free at UNC: Design, Decisions, and Development (October 2022)

Watch the Video
University of North Carolina at Chapel Hill is on its way towards having passwordless logins. Seven months ago, the university launched a pilot to test its implementation of WebAuthn, known locally as Carolina Key. This new feature of the UNC web-based single sign-on (SSO) utilizes device-specific authentications, such as hardware security keys and fingerprint or face recognition. Carolina Key eliminates the need to use passwords when logging into many web applications. Students can begin registering devices for Carolina Key at the end of October while this option will be available for faculty and staff in 2023. Software Engineer Tariq Wilson discussed the design of, and key decisions made during, the development process. Learn how they might be applicable as you consider making passwordless authentication a reality at your institution.

eduroam: What’s New for You (September 2022)

Watch the Video
The last year has seen some big changes for the eduroam service, from new infrastructure to new user interface to new ways to deploy eduroam at scale for new communities. We provided you an overview of what’s changed, how it’s changed, and features and capabilities that are coming soon to your eduroam.

Lightning Strikes Twice: BaseCAMP 2022 Lightning Talk Videos (August 2022)

For this month’s IAM Online, we provided sessions from InCommon BaseCAMP 2022 held June 6-10, 2022. These videos were available for viewing in lieu of live programming:

DevOps in 10
Presenter: Dave Shafer, DevOps Manager, Trust and Identity, Internet2

Come for the Certificates, Stay for the Sirtfi
Presenter: Kyle Lewis, Chief of Governance and Risk Management, Research Data And Communication Technologies (RDCT)

TAP into Containers: Getting Started with the InCommon Trusted Access Platform
Presenter: Grady Bailey, Software Engineer, The University of Texas at Austin

Staying Engaged with Your Community
Presenter: Ann West, AVP, Trust & Identify, Internet2

Enjoy these great “strikes” of insight from BaseCAMP 2022!

Hello Passkey, Goodbye Passwords! (July 2022)

Watch the Video
What would it take to rid the world of passwords? This question has been asked for many years and led to standards like U2F, UAF, FIDO2, and WebAuthn. We’re now in 2022, adoption is still low, and 2FA phishing is on the rise. As an industry, we have all the pieces and plumbing, so how do we enable strong, phishing-resistant authentication for the masses who don’t have security keys?

We’ll look at the evolving landscape for strong, phishing-resistant authentication and take a deep dive on passkey—the experiences it enables and the standards that are making it possible. We’ll also have an open discussion on what this means for the education community.

Speaker: Tim Cappalli, Identity Standards Architect, Microsoft Identity

Moderator: Heather Flanagan, Technical Liaison for SeamlessAccess and Principal at Spherical Cow Consulting

The Collaboration Success Program: Getting IAM Done, Together (April 2022)

Watch the Video
Identity and Access Management (IAM) is a core component of an institution’s technical infrastructure. However, the journey of determining your path toward successful IAM implementation can be overwhelming at times. That’s where the Collaboration Success Program (CSP) comes in to help. Whether you are just starting to brainstorm your lAM roadmap or you’re ready to move your implementation plans forward, we have you covered with the CSP. Our presenters shared their experiences with how the program is helping them to achieve their IAM goals.

Where Innovation Meets Experience: The CIO Perspective on IAM (March 2022)

In an ever-changing higher education landscape, trust and identity are vital components for managing how researchers, students, librarians, staff, and others are identified, authenticated, and authorized to access tools and resources vital to their jobs. At the helm, those in information technology leadership positions are posed with an immense question – how do I make that happen at my institution? This in-depth webinar was held with chief information officers who have implemented identity and access management (IAM) solutions for strategic connections and collaboration across their campuses and beyond. They discussed how their IAM journey started, innovative solutions implemented by their teams, and what the future holds in the realm of identity.

Moderator: Kevin Morooney, vice president for Trust and Identity Services & NET+, Internet2

Panelists*:

Bernard Gulachek, vice president and chief information officer, University of Minnesota

Dave Robinson, chief information officer, Grinnell College

IAM Online: HECVAT 3.0 Launches…To Outer Space? (December 2021)