InCommon Catalyst Program Case Study
Streamlining Researchers’ Access to Shared Resources
Executive summary
Researchers shouldn’t waste time managing multiple logins when they could be advancing knowledge. Cirrus Identity, an InCommon Catalyst, and the InCommon Federation eliminate this hassle by handling all the complex identity management infrastructure between organizations. Cirrus’s cloud-based solution lets organizations quickly set up secure access to InCommon-enabled shared resources across institutions without the burden of maintaining on-site systems. Organizations, including Duke University, EDUCAUSE, Children’s Hospital of Philadelphia, UNC Chapel Hill, and others, have streamlined the process of onboarding and offboarding researchers into their research systems by leveraging Cirrus Identity’s cloud-based identity management tools.

Background
One of the values of the InCommon Federation in the U.S. is the ability to streamline access to shared applications for researchers and users from many InCommon-enabled institutions. Users at many institutions need access to collaboration platforms like on-premises SharePoint, event management solutions like CVENT, or robust research data collection in REDCap.
Cirrus Identity makes that onramp into the global federated research community easier by providing solutions that connect shared research resources to the InCommon Federation and the global network of research and education federations, eduGAIN. Through these established, secure federated systems, researchers can use their home institutions’ username and password to access systems across the world, making it easier to collaborate.

Challenges
With grant funding and limited timelines, Research IT is challenged to quickly and efficiently find and implement technical solutions to meet the easy access needs of distributed research teams across many institutions. The research teams don’t have time to invest in developing and managing solutions that may no longer be required when the grant ends.
Solutions
Cirrus Identity has helped Duke University, EDUCAUSE, Children’s Hospital of Philadelphia, and UNC Chapel Hill quickly enable access to shared applications for researchers (and other users) from InCommon-member institutions. It’s easy to configure the Cirrus Identity Proxy, so researchers can use their home institution’s username and password to access the needed applications. Here are some of the capabilities and benefits:
- Access allocated with a click. Configuring the InCommon institutions that are allowed access is performed with a click of a checkbox in the “discovery service” panel of the Cirrus Identity console.
- Multiple ways to invite guests. Cirrus Identity supports multiple ways to invite a guest researcher to access a shared service provider, or access can be provisioned just in time if the application supports that.
- Authentication with home SSO. Guest researchers can be linked to internal identifiers at the hosting institution so that they can authenticate with their home SSO service and not require a username and password at the hosting institution or Service Provider.
- Improved security. Security is improved since the home institutions will manage deprovisioning if a researcher/user leaves their institution.
- Flexibility in the cloud. The Cirrus Identity solution is a cloud-hosted and managed SaaS solution that can be easily spun up and decommissioned for the life of a grant.
Impact
The Cirrus Identity Identity Provider Proxy is providing easy access to many institutions. In many cases, IT is limiting investment in on-prem, one-off technical solutions, so staff can focus on other priorities. The following institutions have quickly implemented the Cirrus Identity solution and are maximizing their participation in the InCommon Federation.
- The Duke Clinical Research Institute is providing on-prem SharePoint access to researchers at more than 50 InCommon institutions.
- EDUCAUSE is providing access to more than 10 applications from more than 100 member InCommon institutions.
- Children’s Hospital of Philadelphia and The University of North Carolina, Chapel Hill are providing researchers access to REDCap.
- The University of Arkansas at Fayetteville provides access to OnDemand for researchers in Arkansas to access High Performance Research (HPC) resources.
- Teaching faculty and residency students at WVU Medicine don’t need to remember two usernames and passwords to access campus applications at the University of West Virginia.
Lessons learned
By using the Cirrus Identity Identity Provider Proxy to enable collaboration on their campuses, research programs can easily deploy federated identity access technologies hosted in the cloud by a trusted partner in research and higher education. By outsourcing a highly configurable federated identity management solution, research teams can focus on their research initiatives and spend less time ramping up and ramping down locally hosted solutions.
About Cirrus Identity

Cirrus Identity was founded in 2013. Its engineering and customer support teams all have extensive experience in identity management on campuses like UC Berkeley, Stanford, Duke, University of Michigan, University of Wisconsin, and more. Even as the Cirrus team has grown over the past 10 years, it has maintained its roots in the research and education community.
A main goal of Cirrus Identity is to further the mission of higher education to expand knowledge by serving universities, non-profits, research organizations, healthcare institutions and more to help them further scholarship by supporting collaboration among global experts.
The InCommon Catalyst Program, launched in June 2021, assists higher education institutions, research organizations, and sponsored partners in their efforts to enable better security, access to services, and user experience through InCommon’s integrated service and software solutions. A group of industry leaders and Internet2 members that actively contribute to IAM within the R&E community, InCommon Catalysts offer a wide range of IAM support services. If you’re interested in leveraging the experience and expertise of an InCommon Catalyst to solve a particular challenge or devise a roadmap for a full IAM reboot, feel free to reach out directly.