Join InCommon

Identity lifecycle management

InCommon solutions

Software that will help you manage roles over time

It is challenging to provide and manage access to institutional resources as people’s roles and needs change over time. The InCommon Trusted Access Platform can help!

Have you ever sat down and tried to create a grid that shows all of the possible combinations of how a person can be affiliated with a university? Of course not, but it is interesting to consider.

Someone may have found their way into a database by attending a summer camp. They become a prospective student, then maybe an applicant. Then, if you are lucky, they enroll and the fun begins. They are a student. But maybe also a part-time employee. Maybe mom or dad also went to the school, so there’s that. Then they graduate but go to grad school. Or they become an employee and then start taking classes toward a degree. We’ll stop there. Let’s just say it’s complicated.

Many times, defining a person’s role is necessary to providing access, removing access, or changing access to multiple resources depending on the situation. You could use their role, but there might a better way. You could tag their record with “alumnus” or “student” or “parent” and figuring things out that way.

But you don’t have to figure it out. Your research and education colleagues already have by developing the InCommon Trusted Access Platform to solve these problems that are unique – or at least more extensive – in our community. The software can help you manage these access issues over multiple resources and systems of record.


Shibboleth provides single sign-on (SSO) to resources locally, globally, and in the cloud. It allows for informed authorization decisions for individual access of protected online resources in a privacy-preserving manner.


Grouper helps collaboration happen. You can set up groups, roles, and permissions for many purposes, such as populating and administering standing committees, ad hoc research teams, departments, or classes.


midPoint synchronizes several identity repositories and databases, manages them, makes them available in a unified form.


COmanage leverages federated identity management services and handles the authentication and authorization of collaborative organization members in a single, efficient process.