Two people talking to each other over their laptops.

IAM Online

InCommon Academy

IAM Online

Beginning with our November IAM Online webinar, we’re introducing a new improved registration process! Now, you’ll register for each webinar individually so we can deliver more relevant and engaging content tailored to your interests.

To register for upcoming webinars, visit our IAM Online webpage, where the latest webinar will be posted at the top with a registration link. Previous webinar recordings and resources are still available in our IAM Online Rewind section or on our YouTube channel.

Our Next Webinar

One Year In: InCommon’s Future

Wednesday, January 15 @ 1 p.m. ET

In March 2024, InCommon launched its ambitious Futures2 Strategy, aiming to become the trusted authority for Identity and Access Management (IAM) in Research and Education. This webinar reflects on the first year of progress, highlighting key initiatives such as the development of audience-specific resources to support teaching and learning, federal agencies compliance, and shared IAM architectures. Join us to explore lessons learned, successes achieved, and areas for continued focus as InCommon advances its 2028 vision of advancing secure, interoperable digital collaboration and resource sharing for Research and Higher Education.

Speakers:
Ann West, Associate Vice President, Trust & Identity, Internet2
Kevin Morooney, Vice President for Trust and Identity and NET+ Services, Internet2

Ideas for IAM Online

Send us your ideas for future IAM Online webinars! We welcome suggestions from community members who have a timely Identity and Access Management topic to share with their fellow IAM peers and/or would like to recommend a colleague to present.

Suggest an idea or topic

IAM Online Rewind

Recent IAM Online topics and recordings

Check out the YouTube IAM Online channel, in cooperation with our European partner GÉANT. Our most recent webinars are listed here.

IAM in Higher Ed: Balancing Security and Ease of Use

Download the slides

As social engineering attacks such as phishing, fraudulent password reset requests, and identity fraud become increasingly MORE FREQUENT AND sophisticated, universities must find ways to strengthen security without sacrificing user convenience. Help desk processes—often designed to be user-friendly—can be a prime target for exploitation, making the balance between security and convenience critical.

In this webinar, join Matt Morton, Assistant Vice President and CISO at the University of Chicago, along with Eric Zematis, CISO, and Forest Crowley, Security Architect/IAM Manager at Lehigh University, as they share their insights on combating these threats. Discover practical strategies and lessons learned from these two institutions and explore how you can protect your organization from social engineering threats without undermining the IAM user experience.

See the speaker spotlight

Speakers:
Matt Morton, Assistant Vice President and CISO | University of Chicago
Eric Zematis, CISO | Lehigh UniversityForest Crowley, Security Architect/IAM Manager | Lehigh University

Moderator:
Jeremy Rosenberg, Assistant Vice President for IT and Chief Information Security Officer at Yale University

7 things you should do to improve your user’s security on eduroam

Watch the Recording | Download the slides

The eduroam Advisory Committee is setting new Baseline Expectations to make eduroam more secure, with a draft coming soon for community feedback. But you don’t have to wait to start improving your deployment.

Join Margaret Cullen and Josh Howlett, members of the eduroam US operations team, for this webinar focused on practical tips and quick wins to improve performance and security for your eduroam network.

They’ll share how to implement simple changes that reduce data leaks, promote privacy-preserving user behavior, and make it easier for eduroamers to seamlessly connect to your hotspot.

See the speaker spotlight

Speakers:
Margaret Cullen, Internet2 eduroam US Operations Team
Josh Howlett, Internet2 eduroam US Operations Team

Moderator:
Derek Eiler, Principal Systems Engineer, Nevada System of Higher Education & eduroam Advisory Committee member

Passkeys: What You Should Know and UMBC’s Implementation Journey (September 2024)

Watch the Recording | Download the slides

Paul Riddle, Senior Middleware Architect at University of Maryland Baltimore County (UMBC) and Drew Capener, Software Engineer at Omnibond, will provide an overview of passwordless authentication using passkeys, with special emphasis on deploying the technology in a research and education context. They’ll also discuss UMBC’s journey implementing passwordless authentication on their Shibboleth IDP using Omnibond’s passwordless plugin, OmniPasskey.

Speakers:

Paul Riddle, Senior Middleware Architect at University of Maryland Baltimore County (UMBC)
Drew Capener, Software Engineer at Omnibond

Implementing Grouper ABAC (July 2024)

Watch the Recording | Download the slides

Tune in to our July webinar featuring speakers from the University of Michigan. Join us to discover how they have leveraged Grouper ABAC for innovative access control solutions.

At the University of Michigan, we have found that Grouper ABAC allows us to provide access control groups for units that we could not have sustainably made or managed with reference groups and custom loaders. ABAC lets us keep the affiliation data fields in context, which is crucial for accurate access control. This enables distributed access control management while maintaining good auditability.

In conversations with other institutions, we learned that several other Grouper implementers were struggling with the same reference group conundrum that we faced. We would like to share our discoveries and processes to encourage other Grouper implementers to consider ABAC as well.

Speakers:
Gail Lift, Application Developer Lead
Bruce Timberlake, Application Systems Administrator Senior

Contributor:
Liam Hoekenga, Application Developer Senior

Check out our Speaker Spotlight for this webinar

Playbook – Effective Strategies for Cybersecurity, Digital Trust, and Community Engagement (June 2024)

Watch the recording | Download the slides

Join us for this exciting webinar featuring Dr. Donna Kidwell, CISO and Deputy CIO at University of Toronto, renowned for her expertise in cybersecurity, digital trust, and community engagement. Dr. Kidwell will delve into her recently released playbook, a comprehensive guide for navigating the complex world of digital trust.

Drawing on her experience at Arizona State University protecting over 177K students and 17K faculty from cybersecurity threats, Dr. Kidwell will share invaluable strategies for bolstering cybersecurity, building trust, and creating inclusive workplaces. From decision-making structures to procurement processes, this playbook offers practical insights for adapting to an increasingly digitized world. See the Playbook.

IAM 101 – The 2024 Edition (May 2024)

Watch the recording|Download the slides

Get up to speed on Identity and Access Management (IAM) before InCommon BaseCAMP 2024! This webinar lays the groundwork for understanding IAM in the dynamic research and education landscape and tips and lessons learned around core principles, practices, and essential functions of a robust IAM program. Whether you’re a seasoned pro or a newcomer to the field, this session will provide valuable insights to help you navigate the complex landscape of IAM. Plus, this webinar is the ideal primer for those planning to attend BaseCAMP 2024.

Check out our Speaker Spotlight on Grady Bailey.

Speaker:

- Grady Bailey, Team Lead and Senior Software Engineer, University of Texas at Austin

InCommon Futures2: The Conversation Continues (April 2024)

Watch the recording|Download the slides

Last month’s release of the InCommon Futures2 Report, “Promoting Digital Collaboration, marked an especially exciting and important time for IAM in the research and education community. The report represents the culmination of a strategic planning process we began in June 2023 to help guide a vibrant future for InCommon and explore the identity and access management (IAM) challenges facing the research and higher ed community.

With the community’s leadership, we developed a shared statement of direction and strategic objectives that will drive where our IAM capabilities collectively need to be in 2028. Kevin Morooney and Marc Wallman will present the final InCommon Futures2 report, review the implementation timeline, and answer questions around the InCommon plan to standardize tools and services used by our community. We encourage you to review the report’s Executive Summary before the webinar. You can also download the full report.

(This is an encore presentation of a session facilitated at the 2024 Internet2 Community Exchange in Chicago)

Speakers:

Marc Wallman, Vice President, Information Technology Division, North Dakota State University
Kevin Morooney, Vice President of Trust and Identity and NET+ Programs, Internet 2

Zero Trust: Identity’s Critical Role (March 2024)

Watch the recording|Download the slides

Oregon State University’s Identity and access management team will discuss its implementation of Zero Trust through its “Smart Access” program. The Smart Access program enables a foundational capability to provide and secure appropriate access to data and systems. As part of the Smart Access program, Oregon State University completed an RFP, purchased a commercial IGA (Identity Governance and Access) system, and hired an implementation partner. Attendees will come away with an understanding of Zero Trust goals for a large R1 university and its approach to implementing Zero Trust principles.

Speakers:

Andy Morgan and Jason Peak, Analyst Programmers, IAM, Oregon State University

Moderator:

Tom Barton, InCommon Research Consultant, Internet2

The Year Ahead in IAM, the 2024 Edition: Ideas & Insights from InCommon Catalysts (February 2024)

Watch the recording|Download the slides

Get an hour of insights from InCommon Catalysts. You’ll benefit from their expert analysis of how current trends in identity and access management will play out in the year ahead as well as their forecast for what’s next.

Speakers: Dedra Chamberlin, Cirrus Identity; Simona Simkova, Evolveum; Paul Hodgdon, Instrumental Identity; Jim VanLandeghem, Moran Technology Consulting; Drew Capener, Omnibond; Stephen Fox, Provision IAM; Charise Arrowood, Unicon; Netta Caligari, West Arete

Moderator: Ann West, Internet2

Multilateral Federation Guidance from Microsoft and Its Potential Impact on the R&E Community (January 2024)

Watch the recording|Download the slides

When Microsoft published documentation and guidance on multilateral federation for Azure Active Directory (now Microsoft Entra ID) campuses last spring, it was the culmination of several years’ worth of collaboration between Microsoft, IAM industry providers, and the InCommon community. Listen to this discussion about its potential impact on the research and education community. Our speakers shared more about the significance of this milestone, how the R&E community worked together to make it happen, how two campuses integrated Entra ID and the Cirrus Identity Bridge for multilateral federation, and the possibility it will pave the way for R&E working more cooperatively with industry identity solutions.

Speakers: Corey Lee, Microsoft; David Warden & Jack Truckenmiller, SUNY Geneseo; Stephen L. Tycer & Selena Hriz, University of Arkansas

Moderator: Mary McKee, Cirrus Identity

eduroam Logs: Demo of Grafana with IAM (November 2023)

Watch the recording|Download the slides

InCommon Catalysts Evolveum and Provision IAM, in collaboration with Internet2, deliver a live demonstration of using midPoint to manage authorized access to eduroam logs via Grafana/Loki. Administrators of eduroam that log into the Federation Manager can click over to a Grafana/Loki instance that lets them see their organizations’ logs based on what has been logged in the national infrastructure. Observe a comprehensive demonstration of integrating a new service with midPoint, illustrated on the eduroam log service. An analogous approach can be used for other Integrations.

Speakers: Matt Growden & Stephen Fox, Provision IAM; Paul Caskey & Johnny Lasker, Internet2;
Slavek Licehammer, Evolveum

Moderator: Brett Bieber, University of Nebraska, Chair – eduroam-US Advisory Committee

Case Study Showcase: Practical Applications of the InCommon TAP Components (October 2023)

Watch the recording|Download the slides

Hear from institutions about their success deploying Shibboleth, Grouper, COmanage, and midPoint. Four of your peers gave lightning talks focusing on what worked and what didn’t as they deployed various components of the InCommon Trusted Access Platform. See what’s possible if you follow their do’s and avoid their don’ts!

Speakers: Grady Bailey, University of Texas Austin; Jeffrey Crawford, University of California, Los Angeles; Matthew Economou, Research Data and Communications Technologies; Jeremiah Haywood, Illinois State University

Purdue University’s IAM Modernization Success Story (September 2023)

Watch the recording|Download the slides

Hear about the real outcomes of Purdue’s IAM modernization journey. Learn what worked, what did not, and how their team accomplished its goals. We discussed the different stages in the process from gathering initial requirements and negotiating political nuances to developing strategy and achieving tactical successes. Find out what’s needed to begin on your institution’s IAM modernization journey.

Speakers: Mandi L. Witkovsky, Director of Identity & Access Management, Purdue University

Moderator: Charise M. Arrowood, Executive Director, Business Development, InCommon Catalyst Unicon Inc.

How to Sirtfi – Going Beyond the Federation Security Checkbox (July 2023)

Watch the recording|Download the slides

The InCommon Sirtfi Exercise Planning Working Group (SEPWG) offered a teaching session on what Sirtfi is, but went into more in depth as to how to institutionalize its practice in InCommon participants’ security teams. It’s more than publishing a security contact and checking the metadata box. It requires that security teams are familiar with federation and Sirtfi expectations, when in many organizations the security teams and the identity and access management (IAM) teams more used to dealing with InCommon and federation are not integrated. IT leaders and IAM teams got ideas on how they need to work with their security teams to make their organizations Sirtfiably Sirtfi’d.

Speakers: Kyle Lewis, co-chair, InCommon’s Sirtfi Exercise Planning Working Group (SEPWG) and vice president of cybersecurity strategy at InCommon Catalyst RDCT

Moderator: David Bantz, University of Alaska Statewide System, chair, InCommon Community Trust and Assurance Board (CTAB) and SEPWG co-chair

InCommon IAM 101 (June 2023)

Watch the recording|Download the slides

This special edition of IAM Online provided an overview of the key aspects of identity and access management in R&E, including IAM as a practice in higher education and essential functions of an IAM practice.

It’s just the right webinar for you if you need a brief refresher or a current or new member of your team does. As a bonus, this session took place just a few weeks before InCommon BaseCAMP 2023. It’s a great primer for those attending that event.

Speakers: Benjamin Rappleyea, manager, Office of Identity and Access Management, Illinois State University

Moderator: Marta K. Lang, senior IT manager, Identity & Access Management, The University of Texas at Austin

InCommon’s Future: Get In On the Discussion (May 2023)

Watch the recording|Download the slides

We provided a review of the current state of InCommon’s identity and access management tools and services and shared more about our implementation plan and timeline for future innovations. The InCommon Steering Committee is undertaking a strategic planning project (InCommon Futures 2.0) that will touch many community leaders in higher education IAM, and we need your input. Be a part of a discussion that will address where InCommon is heading this year, the expected outcomes associated with the InCommon Futures 2.0 planning process, the current state of the planning process, and next steps. (This is an encore presentation of a session facilitated at Internet2’s Community Exchange.)

Speakers: Marc Wallman, Vice President, Information Technology Division, North Dakota State University; Ann West, Associate Vice President, Trust & Identity, Internet2

Moderator: Kevin Morooney, Vice President of Trust and Identity and NET+ Programs, Internet2

Getting IAM Done. Better. Faster. Together. (April 2023)

Watch the recording|Download the slides

Panelists shared their experiences with the InCommon Collaboration Success Program (CSP) program and how it is helping them to achieve their IAM goals. They discussed how they got involved with Internet2/InCommon and what led them to the Collaboration Success Program as well as sharing the highlights of their CSP project work. Attendees learned about the overall experience and benefits of participating in CSP.

Speakers: Erik Coleman, IAM Architect, University of Illinois – Urbana-Champaign; Anne Tacazon Interim Business Service Manager, Identity & Access Management, University of Washington

Moderator: Jean Chorazyczewski, InCommon Academy Director

Self-Sovereign ID: The Future of Learner, Teacher, and Researcher Credentials in the Academic Identity Landscape (March 2023)

Watch the video

Mobility and portability top the list of attributes today’s digital citizens expect from technologies they use in their everyday lives. With these attributes comes some degree of control over how they manage their digital identity. The overarching term used to describe this growing trend is self-sovereign identity (SSI), an approach to digital identity that gives individuals control over the information they use to prove who they are to websites, services, and applications across the web. In this regard, what are the implications – both opportunities and obstacles – for the research and education (R&E) community?

The discussion focused on the common challenges in implementing learner or researcher credentials using new technologies, including differences and similarities between the U.S. and Europe; the next steps that the R&E community needs to take to prepare for this future direction, how existing academic federations fit into this space, and what colleges and universities can do to begin preparing for this future.

Speakers: Niels van Dijk, Technical Product Manager, Trust & Security, SURFnet; Kerri Lemoie, Director of Technology, Digital Credentials Consortium, MIT

Moderator: Nicole Roy, Director of Technology and Strategy, InCommon

From Modernizing Our Use of Grouper to Provisioning with midPoint and Developing Standard Populations (February 2023)

Watch the video

Long-time users of Grouper, the IAM team at University of Wisconsin–Madison, played a key role in the university’s Interoperability Transformation Initiative, which aimed to modernize the ways people connect while managing digital infrastructure and services at pace and scale. One of its key outcomes was moving Grouper from on prem to hosting it in AWS. Now the team is in the process of implementing midPoint as a mechanism for offering campus stakeholders central provisioning and deprovisioning options and infrastructure. Additionally, the team has engaged in policy development to define standard populations for their campus constituents. Members of the UW–Madison IAM team will join us for IAM Online where they will share the strategy and methodology behind their work, including moving Grouper from on prem to the cloud, implementing midPoint for provisioning and deprovisioning, standardizing populations and migrating services to use new standards, and what aspects of the team’s approach might be applicable to your institution? Learn more and bring your questions.

Speakers: Abrianna Barca, associate director, Identity and Access Management; Ryan Larscheidt, IAM technical lead; Andrew Parmer, IAM technical lead; and Oakes Dobson, IAM engineer

Moderator: Erik Coleman, IAM Architect, University of Illinois – Urbana-Champaign

The Year Ahead in IAM: Ideas & Insights from InCommon Catalysts (January 2023)

Watch the video

We kicked off our 2023 IAM Online webinar series with an hour of insights from InCommon Catalysts. Attendees benefitted from their expert analysis of how current trends in identity and access management will play out in the year ahead as well as their forecast for what’s next.

Speakers: Jim Basney, CILogon; Dedra Chamberlin, Cirrus; Simona Simkova, Evolveum; Jim VanLandeghem, Moran Technology; Stephen Fox, Provision IAM; Charise Arrowood, Unicon; and Netta Caligari, West Arete

Moderator: Ann West, AVP – Trust & Identity, Internet2

Extending IAM to the Cloud: It’s Still Your Program (November 2022)

Watch the Video

Is your organization considering including cloud offerings in your identity and access management strategy (IAM) strategy? Maybe you’ve already extended your IAM program to include one or more cloud services. Maybe you’re just starting to consider options. No matter where you are today, it’s likely that your IAM program will include “the cloud” soon, and in fact you may be “in the cloud” now without fully realizing it.

Members of Internet2’s Community Architecture Committee for Trust and Identity (CACTI) discussed some of the important, but sometimes less obvious considerations to address when adding or moving to cloud-based IAM services. They looked at different approaches for utilizing the cloud in your IAM program, considered what capabilities they can offer, and what you’ll need to preserve locally, and discussed some of the community-supported resources that may help.

Speakers: Margaret Cullen, president & CEO, Painless Security, and Kevin Hickey, director of information security, University of Detroit Mercy

Moderator: Rob Carter, Consultant, Duke University

Going Password-Free at UNC: Design, Decisions, and Development (October 2022)

Watch the Video
University of North Carolina at Chapel Hill is on its way towards having passwordless logins. Seven months ago, the university launched a pilot to test its implementation of WebAuthn, known locally as Carolina Key. This new feature of the UNC web-based single sign-on (SSO) utilizes device-specific authentications, such as hardware security keys and fingerprint or face recognition. Carolina Key eliminates the need to use passwords when logging into many web applications. Students can begin registering devices for Carolina Key at the end of October while this option will be available for faculty and staff in 2023. Software Engineer Tariq Wilson discussed the design of, and key decisions made during, the development process. Learn how they might be applicable as you consider making passwordless authentication a reality at your institution.

eduroam: What’s New for You (September 2022)

Watch the Video
The last year has seen some big changes for the eduroam service, from new infrastructure to new user interface to new ways to deploy eduroam at scale for new communities. We provided you an overview of what’s changed, how it’s changed, and features and capabilities that are coming soon to your eduroam.

Lightning Strikes Twice: BaseCAMP 2022 Lightning Talk Videos (August 2022)

For this month’s IAM Online, we provided sessions from InCommon BaseCAMP 2022 held June 6-10, 2022. These videos were available for viewing in lieu of live programming:

DevOps in 10
Presenter: Dave Shafer, DevOps Manager, Trust and Identity, Internet2

Come for the Certificates, Stay for the Sirtfi
Presenter: Kyle Lewis, Chief of Governance and Risk Management, Research Data And Communication Technologies (RDCT)

TAP into Containers: Getting Started with the InCommon Trusted Access Platform
Presenter: Grady Bailey, Software Engineer, The University of Texas at Austin

Staying Engaged with Your Community
Presenter: Ann West, AVP, Trust & Identify, Internet2

Enjoy these great “strikes” of insight from BaseCAMP 2022!

Hello Passkey, Goodbye Passwords! (July 2022)

Watch the Video
What would it take to rid the world of passwords? This question has been asked for many years and led to standards like U2F, UAF, FIDO2, and WebAuthn. We’re now in 2022, adoption is still low, and 2FA phishing is on the rise. As an industry, we have all the pieces and plumbing, so how do we enable strong, phishing-resistant authentication for the masses who don’t have security keys?

We’ll look at the evolving landscape for strong, phishing-resistant authentication and take a deep dive on passkey—the experiences it enables and the standards that are making it possible. We’ll also have an open discussion on what this means for the education community.

Speaker: Tim Cappalli, Identity Standards Architect, Microsoft Identity

Moderator: Heather Flanagan, Technical Liaison for SeamlessAccess and Principal at Spherical Cow Consulting

The Collaboration Success Program: Getting IAM Done, Together (April 2022)

Watch the Video
Identity and Access Management (IAM) is a core component of an institution’s technical infrastructure. However, the journey of determining your path toward successful IAM implementation can be overwhelming at times. That’s where the Collaboration Success Program (CSP) comes in to help. Whether you are just starting to brainstorm your lAM roadmap or you’re ready to move your implementation plans forward, we have you covered with the CSP. Our presenters shared their experiences with how the program is helping them to achieve their IAM goals.

Where Innovation Meets Experience: The CIO Perspective on IAM (March 2022)

Watch the video

In an ever-changing higher education landscape, trust and identity are vital components for managing how researchers, students, librarians, staff, and others are identified, authenticated, and authorized to access tools and resources vital to their jobs. At the helm, those in information technology leadership positions are posed with an immense question – how do I make that happen at my institution? This in-depth webinar was held with chief information officers who have implemented identity and access management (IAM) solutions for strategic connections and collaboration across their campuses and beyond. They discussed how their IAM journey started, innovative solutions implemented by their teams, and what the future holds in the realm of identity.

Moderator: Kevin Morooney, vice president for Trust and Identity Services & NET+, Internet2

Panelists*:

Bernard Gulachek, vice president and chief information officer, University of Minnesota

Dave Robinson, chief information officer, Grinnell College

IAM Online: HECVAT 3.0 Launches…To Outer Space? (December 2021)

Watch the video

This month’s IAM Online event consisted of Higher Education Community Vendor Assessment Toolkit (HECVAT), which is an outstanding example of “community good.” Begun in 2016 as the EDUCAUSE Shared Assessments Working Group, the HECVAT has morphed into the go-to toolkit for third-party, cloud, on-prem, and supply chain risk assessments in higher education. This year, 2021, is a transformational year for the HECVAT. The HECVAT team partnered with InCommon TAC on updating the HECVAT questions in 2021. IAM Online this month went over HECVAT, the IAM questions, and how the InCommon Community can engage with their campuses on the cloud.

Speakers: Jon Allen, Associate Vice President CIO & CISO – Baylor University;
Josh Callahan, Information Security Officer – Humboldt State University;
Charlie Escue, Manager, Extended Information Security – Indiana University;
Brian Kelly, Cybersecurity Program Director – EDUCAUSE;
Nick Lewis, Program Manager, NET+ Cloud Services – Security and Identity – Internet2;
Mary McKee, Director, Identity Management and Security Services – Duke University.

Browser Changes and the Impact on Federated Identity (November 2021)

View the presentation | Watch the video

Over the last few years, we have all observed how browsers have stepped up to support user privacy. Unfortunately, that is coming at a significant cost for things like Single Sign-on and Federated Identity. In this session, we talked about the latest changes, timelines, and how individuals and organizations can learn more and prepare their services for the changing landscape.

Speaker: Heather Flanagan, Technical Liaison for SeamlessAccess; Principal at Spherical Cow Consulting

Watch Featured Videos From CAMP and ACAMP 2021 (October 2021)

For this month’s IAM Online, we provided sessions from from CAMP WEEK held Oct. 4-8, 2021. These videos were available for viewing in lieu of live programming:

Hosted Solutions, Federation Adapters, Evaluating Cloud Solutions

NIH and You: MFA, Identity Assurance, and Coming Requirements

You’re the Boss! Getting Involved with InCommon Community Groups (September 2021)

View the recording | Download the slides

Are you wondering how some of the decisions are made for the products and services coming out of InCommon? Would you like to get more involved or just learn about upcoming plans and how to provide input? In this IAM Online, that’s exactly what you’ll learn about. Presenters sthe work plans and upcoming projects from each of the InCommon working groups and ways that you can be part of the action.

Secrets, Supply Chains, and Securing Trust in the New Normal (August 2021)

View the recording | Download the slides

Trust and security are what we live and breathe in our community. Many will recall the SolarWinds incident from late 2020, and the discussion of “golden tickets” and other downstream impacts that permeated the cybersecurity world. Members of the Internet2 Community Architecture Committee for Trust and Identity (CACTI) held an R&E community-focused discussion on impacts and paths forward, including what the community can do to help itself prevent these types of attacks against our own software, infrastructure, and deployments.

CILogon: Enabling Federated Access to Cyberinfrastructure (July 2021)

View the recording | Download the slides

In this IAM Online session, Jim Basney and Scott Koranda from the CILogon project at the University of Illinois provided an introduction to the current CILogon open source IAM-as-a-Service platform (using COmanage, Grouper, pyFF, SATOSA, and Shibboleth) and described CILogon’s multiple cloud provider integrations for NSF CloudBank and CILogon’s Gen3/GA4GH integrations for Australian BioCommons, in collaboration with the Australian Access Federation.

One Opportunity, Three IAM Approaches (June 2021)

This online event featured IAM super trio Tommy Doan of Southern Methodist University; Lacey Vickery of the University of North Carolina-Charlotte; and Keith Wessel of the University of Illinois-Urbana-Champaign. They shared how the Collaboration Success Program helped them to make headway on their recent projects and roadmaps.

Increasing Identity Assurance and Improving NIH Readiness (May 2021)

Wednesday, May 12, 2021

The National Institutes of Health (NIH) has publicized new requirements (MFA and Research & Scholarship attributes) for accessing its electronic Research Administration modules, but has also signaled coming changes to identity proofing and assurance for other applications; specifically using the REFEDS Assurance Framework (RAF v1) (https://refeds.org/assurance).

As a result, the InCommon Assured Access Working Group (AAWG) has developed guidance for US higher-ed institutions on meeting the REFEDS Assurance Framework. The May IAM Online provided a summary of the recommendations so you can begin working on your own campus on increasing your identity assurance and meeting new requirements from NIH programs and services.

Presenters

Brett Bieber, University of Nebraska; chair, InCommon Assured Access Working Group
Tom Barton, University of Chicago and Internet2

National Institutes of Health and Identity Management Requirements (April 2021)

Download the slides

View the recording (YouTube)

The April IAM Online features a discussion of new and ongoing requirements for federating with the National Institutes of Health, and a look at an InCommon working group developing related guidance on identity proofing and authentication requirements.

Use multi-factor authentication – NIH has announced a requirement to use multi-factor authentication for its electronic Research Administration module, effective September 15, 2021. Speakers will address why it is important to implement MFA and allow your faculty and researchers to use their federated home credentials with this and other NIH applications.
Adopt the Research and Scholarship Category – While required by NIH for a year, learn why adopting the Research and Scholarship category and releasing three directory information data elements will help with both NIH and other research services.
Demonstrate level of identity proofing and assurance – While there is no deadline set yet, NIH has signaled that some applications will require identity providers to demonstrate a certain level of identity proofing and assurance.The InCommon Assured Access Working Group is developing guidance to help academic institutions implement the REFEDS Assurance Framework, which NIH has chosen to support their identity-proofing and authentication requirements.

eduroam (US) Best Practices Guide (March 2021)

View the video (YouTube)

The March IAM Online webinar featured an overview and discussion of the newly minted eduroam (US) Best Practices Guide, produced by the eduroam-US Advisory Committee. The guide examines tools and strategies for deploying and running eduroam in an interoperable and scalable way. Authors of the guide discusseds the origins, development, and content of the guide.

Presenters
Andrew Buker, University of Nebraska
Jeff Egly, Utah Education and Telehealth Network
Rob Gorrell, University of North Carolina at Greensboro
Neil Johnson, University of Iowa
Kim Owen, North Dakota State University
Mike Zawacki, Internet2, moderator

Growing an Identity and Access Management Team (February 2021)

Slide deck (PDF)
Recorded session (links to YouTube)

Are you considering reorganizing, reorienting, or expanding your IAM team? Or would you like to make that case?

Tune in to the February IAM Online and hear how and why the University of Minnesota expanded its Identity and Access Management team from three to eighteen and counting. From CIO Bernie Gulechek to the IAM boots on the ground, you’ll hear about the organizational journey and experience the highs and lows of our evolving structure. Even if you aren’t thinking about this right now, the webinar could spark ideas on how your campus team could be organized.

Presenters
Christopher Bongaarts, Identity and Access Management, University of Minnesota
KT Cragg, Product Owner, Access & Active Directory Teams, University of Minnesota
Bernard Gulechek, VP and CIO, University of Minnesota
Kevin Morooney, Internet2 (moderator)

NSF and Campus Cyberinfrastructure Plans: Enabling Access for Academic Collaborations (January 2021)

The National Science Foundation has announced another Campus Cyberinfrastructure funding program and it again includes InCommon Federation requirements. Are you planning to respond to the National Science Foundation Campus Cyberinfrastructure (CC*) solicitation? Looking to better support inter-institutional academic collaboration? Would you like information on including federation capabilities to your cyberinfrastructure plans?

If you answer “yes” or even “maybe” to any of these questions, join us for a webinar to learn more about developing Campus Cyberinfrastrcture (CI) plans and how to support the InCommon Federation requirements. Three organizations will share their previously funded CI plans.

Presenters

Tom Barton, University of Chicago and Internet2
Klara Jelinkova, Vice President for International Operations and IT, Rice University
Marc Wallman, Vice President for Information Technology, North Dakota State University

Safer Illinois App: Testing, Tracing, Access in the Face of COVID-19 (November 2020)

Download the slides (PDF)
View the recording (YouTube)

Everyone has wrestled with the various aspects of COVID-19, including reopening of campuses and businesses and the resulting need for testing and tracing, and related concerns such as building access and monitoring. The University of Illinois built the Safer Illinois application to support the university community during COVID-19. The app features personalized testing locations and results, verification of building access, and optional alerts to notify an individual of possible exposures.

Presenters

Edward Delaporte, Manager, Cybersecurity Software Development & Assurance, University of Illinois
Isaac Galvan, Senior Application Developer, University of Illinois
Keith Wessel, IAM Architect, University of Illinois

Community Voices: Moving IAM Forward (October 2020)

View the recording (YouTube)

In our new virtual world created by COVID, we have webinars and Zoom calls and virtual conferences, but we don’t have those hallway spaces for people to tell their individual stories on how they got involved in the community and how you can, too.

This IAM Online will focus on the origin stories of our community members: why they got involved and the benefits of working together to solve common issues and challenges. You will also hear about how the IAM community organizes itself through InCommon to explore issues and solutions.

Presenters

Judith Bush, OCLC
Rob Carter, Duke University
Tommy Doan, Southern Methodist University
Rob Gorrell, University of North Carolina at Greensboro
Jon Miner, University of Wisconsin-Madison
Laura Paglione, Spherical Cow Group
Jessica Fink, InCommon/Internet2 (moderator)

Hiring for Identity and Access Management (June 2020)

Download the slides (PDF)
View the recording (You Tube)

How do we hire for Identity and Access Management? The work requires a wide and diverse skillset and the qualified people already have jobs. Additionally, the COVID-19 pandemic has brought new IAM and budget challenges to higher education, so existing employees are being asked to retrain in these areas.

This webinar will dive into hiring people with the right skills to adapt and learn from the CIO perspective, the core skills to get folks started in IAM from the hiring manager perspective, as well as education and training options to bring new hires up to speed.

Presenters

Kirk Kelly, Vice President for Information Technology and CIO, Portland State University
Erica Lomax, Director of Identity and Access, Oregon State University
Jessica Fink, InCommon Advocacy Program Manager
Heather Flanagan, IDPro
Kevin Morooney, Vice President for Trust and Identity and NET+, Internet2 (Moderator)

How Do YOU Use eduroam? (May 2020)

Download the slides (PDF)
View the archived webinar (YouTube)

Wi-Fi access has become critical for universities all over the world. Many research and education organizations have turned to eduroam – the global roaming WiFi service – to help students, faculty, staff, and visitors participate in online learning, research, working, and socializing.

This special edition of IAM Online provides a look at how three organizations have leveraged eduroam to meet these new and emerging needs.

The Utah Education and Telehealth Network (UETN) recently completed a pilot to provide eduroam at K-12 school districts – a pilot that is now paying dividends
The University of Florida has deployed eduroam in some public locations to serve its constituents
The University of Delaware is developing ways to provide enhanced mapping of eduroam hotspots to their community

Attend this IAM Online and learn how these organizations are creatively expanding the use and deployment of eduroam.

Moderator
Mike Zawacki, Internet2

Presenters
Saira Hasnain, University of Florida
Sharon Pitt, University of Delaware
Jeff Egly, UETN

Simplifying Federated Access to Scholarly Content and Services (May 2020)

May 13, 2020

View the slides (PDF)
View the recording (YouTube) (note – the slides freeze partway through, but audio is available throughout)

Federated access to scholarly content and services for campus users is more important than ever. Campus stakeholders have vested interested in seeing this done well, but often use different language and focus on different aspects of the technology. This webinar will highlight how different groups on campus are approaching support for users and how the scholarly communications industry is using federated technology like SeamlessAccess and GetFTR to enable access.

Moderator
Heather Flanagan

Speakers:
Lisa Hinchliffe – Professor/Coordinator for Information Literacy Services and Instruction in the University Library, University of Illinois at Urbana-Champaign.

Ralph Youngen – In his current role at the American Chemical Society, Ralph focuses both on internal technology strategy and external partnerships for the benefit of ACS Publications and the broader research community.

Implementing Two-Factor Authentication – Lessons Learned (April 2020)

April 8, 2020

Download the slides (PDF)
View the recorded session (YouTube)

Two-factor authentication provides a straightforward way to increase the security of online systems and resources. Implementation may not be as straightforward. Join this IAM Online to hear about the implementation challenges and successes, including adopting the technology, by three community members.

The webinar builds on a recent paper developed by a number of community members through the EDUCAUSE Higher Education Information Security Council, and provides an interactive platform to engage with the authors.

Moderator
Tom Barton, University of Chicago and Internet2

Presenters
Lorrie Burroughs, Georgia Institute of Technology
Hank Foss, Sacred Heart University
Moeen Taj, Montgomery College

Case Studies – Solving IAM Challenges with Community-Built Software (March 2020)

March 11, 2020

View the recorded webinar (YouTube – approximately 36 minutes)
Download the slides (PDF)

Are you interested in how community-built software and services can solve your identity and access management challenges — such as lifecycle management or easing provisioning and deprovisioning concerns? Learn how organizations are solving these and other challenges in this IAM Online. We’ll bring you three case studies from schools participating in InCommon’s 2020 Collaboration Success Program (CSP).

These organizations have access to training, software experts and (most important) one-another as they work through adoption and implementation. They are using the InCommon Trusted Access Platform, the community-developed identity and access management suite.

You’ll hear about:

an identity and lifecycle management project and how midPoint will play an integral part
an access management use case and how Grouper is saving the day
demonstrating how the software can contribute to the development of a long-term IAM roadmap

Presenters

Tommy Doan, Southern Methodist University
Ethan Kromhout, University of North Carolina – Chapel Hill
Lacey Vickery, University of North Carolina – Charlotte

Moderator

Keith Hazelton, Internet2

Community Plans and Priorities for 2020 (February 2020)

February 12, 2020

Download the slides (PDF)
View the archived webinar (YouTube)

Do you wonder where the next set of identity and access management priorities and features come from? Would you like to know what’s in the works for 2020?

Key InCommon advisory groups develop work plans each year, inviting comments and suggestions from community members. Join us for this IAM Online to hear about the service enhancements that might be coming down the pike.

The InCommon Technical Advisory Committee (TAC) provides recommendations relating to the operation and management of InCommon Federation with respect to technical issues
The InCommon Community Trust and Assurance Board (CTAB) represents the InCommon community in trust and assurance related programs and initiatives
The Community Architecture Committee for Trust and Identity (CACTI) is an architecture strategy group of community members representing a broad range of education and research.

The chairs of each of these key advisory groups will discuss work plans for 2020 and how those might impact InCommon and the broad identity and access management community.
—–
Moderator
Kevin Morooney, Vice President for Trust and Identity Services and NET+, Internet2

Presenters
David Bantz, University of Alaska (CTAB)
Janemarie Duh, Lafayette College (TAC)
Tom Jordan, University of Wisconsin-Madison (CACTI)

Passwordless Authentication with Shibboleth and WebAuthN (January 2020)

January 15, 2020

Download the slides (PDF)
View the recording (YouTube)

Our first IAM Online of 2020 will provide another method of passwordless authentication; this one developed by Duke University.

Duke has integrated its Shibboleth Identity Provider with WebAuthn to allow one-step, passwordless multi-factor authentication. In this session we’ll discuss the evolution of this pilot, including:

Initial drivers
Proof of concept
Early release
Iterations, the feedback they generated, and resulting changes

For each of these phases, we’ll discuss challenges, lessons learned, and policy decisions that helped us move forward. We’ll wrap up with recommendations about how to make passwordless authentication a reality at your institution, including some thoughts about technical and political challenges and strategies for moving through those issues.

—–
Presenters
Mary McKee, Duke University
Shilen Patel, Duke University

Baseline Expectations v2 – Continuing to Raise the Bar (Dec. 2019)

December 4, 2019

Earlier this year, InCommon participants reached 100% adherence to Baseline Expectations for Trust in Federation, a community-driven effort to raise the trust in the InCommon Federation by requiring certain practices and elements in metadata.

The InCommon Community Trust and Assurance Board (CTAB) has begun plans for the second round of Baseline Expectations. After surveying the community and extensive discussions, CTAB is ready to propose Baseline version 2. Join us to hear about the process and the potential requirements.

Presenters
David Bantz, University of Alaska 
Albert Wu, InCommon Federation Service Manager

Going Passwordless at Stanford (Nov. 2019)

November 13, 2019

Download the slides
View the recording (YouTube)

Capping a multi-year effort to move away from passwords, Stanford University has deployed the final component: client certificates that strongly authenticate both the user and the device. This process is integrated with the university’s Shibboleth identity provider and also requires a two-factor login once every 90 days.

Michael Duff, chief information security officer at Stanford, will describe why the university took this approach and lessons learned during the journey. He will also discuss the underlying systems and key design decisions mode over the six-year project. Join us to hear this story of “safer and simpler computing,” which dramatically improves security and the user experience.

Presenters

Michael Duff, Stanford University
Tom Barton (moderator), University of Chicago and Internet2

Containerization: Streamlining Operations and Reducing Downtime (October 2019)

October 9, 2019

Download the slides (PDF)
View the recording

What is all the fuss about Docker and containers, anyhow? What are the advantages of using containerized versions of Shibboleth and Grouper provided by the InCommon Trusted Access Platform? Why might you want to “Dockerize” other in-house applications and services? How can you get started?

Learn how the University of Maryland Baltimore County (UMBC) streamlined operations and reduced downtime by moving the Shibboleth Identity Provider from standalone VMs to Docker containers. We’ll discuss what motivated this, how UMBC introduced Docker to its existing environment, how they ultimately transitioned to a container-only deployment, and what’s ahead. Hear about UMBC’s initial roll-out of Grouper using the InCommon Trusted Access Platform and plans to migrate the campus ERP software (PeopleSoft) to containers.

Real-world Experience Moving IdM to the Cloud at Illinois (Sept 2019)

Download the slides (PDF)
View the recording (YouTube)

September 11, 2019

Are you considering moving some or all of your identity management infrastructure to the cloud? Want to know more about using containerized software?

Learn how Illinois chose their path to leverage “the cloud” and their “cloud-first” strategy. The implementation team at the University of Illinois at Urbana-Champaign will share their path to deployment of access management software in the cloud. What started as a Grouper product evaluation led to adapting the InCommon Trusted Access Platform into a continuous integration and continuous development “DevOps” process using low- or no-cost open-source tools.

Hear about the successful deployment of Grouper and planned migration of the Shibboleth IdP infrastructure to Docker containers in AWS using the Elastic Container Service “Fargate.” This presentation revisits our popular presentation and demo at the 2018 Internet2 Global Summit as an update of sorts with our current state of affairs.

Presenters

Erik Coleman, University of Illinois at Urbana-Champaign
Keith Wessel, University of Illinois at Urbana-Champaign

We’re moving your metadata, not your cheese – a webinar on the release of the production candidate service (July 2019)

July 9, 2019

InCommon moves its new metadata service into production on July 9 (as a release candidate for early adoption). This new service – called per-entity metadata or metadata query (MDQ) – will significantly reduce resource utilization on participants’ federation deployments by providing a new way to retrieve metadata.

Download the slides (PDF)

Recording not available

Shibboleth development roadmap and consortium update (April 2019)

Wednesday, April 10, 2019

View the recording (YouTube)
Download the slides

The Shibboleth Consortium is an international non-profit consortium that is responsible for the development, support, maintenance, and strategic direction of the Shibboleth software, which is prevalent in InCommon and federations worldwide.

In the two years since the Consortium was last presented at IAM Online, its membership has grown significantly, largely from US institutions joining. The growth in membership has placed the Consortium on a stronger financial footing, and enabled expansion in the development team.

As we move into the second quarter of 2019, this webinar will provide a short update on the status of the Consortium before moving to present the Shibboleth development roadmap for the next 12 months, seeking feedback from the community of users.

Presenters

Scott Cantor (Ohio State), Shibboleth Developer and Board Member
Justin Knight (Jisc), Shibboleth Consortium Manager

CILogon and eduTEAMS: Collaboration and virtual organizations made easy (March 2019)

March 20, 2019

View the recording (YouTube)

Are you interested in exploring ways that federation and identity management can be easier for research projects, virtual organizations, and other collaborations? Join us to learn about two new services: CILogon’s subscription federated identity platform, and GÉANT’s eduTEAMS service for managing user membership and access rights.

CILogon’s new subscription service offers a hosted federated identity and collaboration management platform for research projects on campus. Developed under funding from the National Science Foundation and the Department of Energy, CILogon’s open source software-as-a-service platform builds on the Shibboleth and COmanage software.

Leveraging the ubiquitous presence of eduGAIN federated identities, eduTEAMS – a service provided by GÉANT – enables communities to securely access and share common resources and services. Implementing the AARC Blueprint Architecture, eduTEAMS provides a central point for communities to manage user membership and access rights, connect services and identity providers and centrally apply access policies.

Presenters

Tom Barton, Moderator, University of Chicago and Internet2
Jim Basney, Senior Research Scientist, National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign
Christos Kanellopoulos, Senior Trust and Identity Manager, GÉANT

OpenID Connect and OAuth in the R&E community (Dec. 2018)

December 12, 2018

View the recording (YouTube)
Download the slides

How are trust and identity initiatives shaping the adoption of OpenID Connect (OIDC) and OAuth 2.0 technologies within and for the research and education community? How can home organizations and research projects ensure these technologies deliver what we need for use cases involving multiple institutions? Llearn how InCommon, REFEDS, GÉANT, and others are coordinating efforts to influence the evolution of these technologies, including the creation of a R&E working group within the OpenID Foundation. Attendees will learn practical ways to navigate this landscape, with recommended actions to plan for in 2019.

Presenters

Rachana Ananthakrishnan, Globus
Roland Hedberg, Catalogix
David Vaghetti, Consortium GARR
Albert Wu, InCommon/Internet2

Moderator

Nathan Dors, University of Washington

IAM Access Governance and Grouper 2.4 (Sept. 2018)

September 12, 2018

View the recording (YouTube)
Download the slides

Interested in the Internet2 IAM software suite (a.k.a. TIER)? Planning on deploying or upgrading Grouper? Join us for the next IAM Online, which will focus on the TIER access governance strategy described in the Grouper Deployment Guide, a comprehensive document developed collaboratively by and for the trust and identity community.

Bill Thompson will lead you through these topics and touch on the container-based architecture of the Internet2 TIER packaged software. In addition, Chris Hyzer will touch on the features and changes in the new Grouper release (v2.4).

Presenters

Chris Hyzer, University of Pennsylvania
Bill Thompson, Lafayette College

Moderator

Michael Gettes, University of Florida

Identity Matching: How to know who’s who (Aug. 2018)

August 8, 2018

View the recording (YouTube)
Download the slides

Identity Matching is an essential part of any institution’s identity management processes. When a new student or employee enters the system, are they already known from a previous affiliation? What if an error is corrected later in their identity data? How does the system detect possible duplicate identities later? Doing identity matching well is really hard, but preventing duplicate identities or cases of mistaken identity can lead to some sticky situations.

In this IAM Online, you’ll hear from two speakers with ideas to help you improve your identity matching practices. Summer Scanlan will talk about some of the procedures used at the University of California, Berkeley for identity matching and her work to continue to improve them. Ben Oshrin from Spherical Cow Group will explain the technology behind identity matching and give a sneak peek at identity matching work coming out of Internet2’s TIER initiative.

Presenters

Benn Oshrin, Spherical Cow Group
Summer Scanlan, University of California, Berkeley

Moderator:

Keith Wessel, University of Illinois at Urbana-Champaign