Learn More About How a Recent Microsoft Announcement Signals a Win for Research and Education Institutions Using Microsoft Entra ID as Their Identity Provider
Edited By Apryl Motley – InCommon Communications Lead
In spring 2023, Microsoft published documentation and guidance on multilateral federation for Azure AD/Entra ID campuses – including information about solutions like Shibboleth and the Cirrus Identity SAML and CAS Bridge. As part of its monthly webinar series, IAM Online, InCommon is hosting a community discussion, “Multilateral Federation Guidance from Microsoft and Its Potential Impact on the R&E Community,” on January 17, 2024 at 1 p.m. ET.
David Warden, senior systems analyst and managing director of Research Technology, and Jack Truckenmiller, systems analyst, from the State University of New York (SUNY), Geneseo will be our featured speakers. With first-hand knowledge, they will discuss their Cirrus Identity SAML and CAS Bridge integration with Microsoft Entra ID and InCommon. Here’s their take on what their peers will gain from their presentation.
Q: What do you hope attendees will learn about implementing the Cirrus Identity SAML Bridge for InCommon and the OIT Federation Services for SUNY institutions?
A: First, we hope attendees will understand that it’s not difficult to implement the Cirrus Identity Bridges. It’s both possible and feasible. We were able to leverage the bridges to retire both CAS and SimpleSAMLphp (SSP). Since not all of our authentication attributes were in Entra ID, we also utilized Cirrus Identity’s Attribute Authority Add-On and Microsoft’s Custom Claims Provider to assert the required attributes from LDAP. These attributes have been historically protected for privacy, and we were happy we didn’t need to review and update our policy to deploy the bridges. The SAML Bridge also provides support for our users to access services from both the InCommon/eduGAIN federation and the SUNY system-wide federation.
Q: What benefits are you experiencing after your deployment?
A: We no longer need to worry about painful upgrades or patching, and our systems are more secure. We have been able to simplify and consolidate on Entra ID, which makes it much easier to deploy new requests for service providers. Recently, we noticed that our users were accessing a new REFEDS R&S tagged Service Provider, and we didn’t need to set anything up – it just works. We are also heavy users of conditional access in Entra ID, and now we have more control to enforce MFA in addition to improved logging for services. By moving to cloud-hosting, we also have fewer single points of failure.
Join Us for IAM Online
We hope you’ll join us online for “Multilateral Federation Guidance from Microsoft and Its Potential Impact on the R&E Community,” at 1 p.m. ET Wednesday, January 17, 2024.
- Already registered for IAM Online in the last year? You will automatically receive Zoom coordinates for current and future IAM Online webinars – you only need to register once!
- Haven’t attended an IAM Online? Register Now!
- Connection details will be emailed directly to all registrants on the morning of the event.
Got ideas for IAM Online? Let us know.