Internet2 is investigating a security incident involving a compromise to a confluence server that affected on April 10, 2019, which was successfully mitigated on April 12, 2019. If you did not receive an email from us, it’s unlikely that any of the content you submitted to the Internet2 Spaces Wiki needs to be re-entered. We apologize for any inconvenience this may have caused. Should you have any questions or require further assistance, please email
Skip to end of metadata
Go to start of metadata

A pilot involving several InCommon Certificate Service subscribers continues, testing the use of single sign-on (SSO) and multifactor authentication (MFA) to log in to the Comodo Certificate Manager. This is a feature that has long been requested and was one of the top most-desired items on the survey conducted last year.

Rather than use credentials provided by Comodo, those who administer certificates on campus (both RAOs, or Registration Authority Officers as well as DRAOs, or Departmental Registration Authority Officers) will use their InCommon federated credentials for single sign-on. In addition, RAOs will leverage their local multifactor authentication process to secure their logins. The benefits of this approach include:

  • The InCommon Certificate service is used by organizations as their basis of internal and external trust. Protecting access with MFA reduces the likelihood of stolen credentials.

  • MFA-protected SSO increases security by leveraging protected campus credentials that RAOs already use in their local context to access higher security services.

This security enhancement will leverage the REFEDS Multi-Factor Authentication Profile that allows service providers to signal the need for, and Identity providers to signal the use of, multifactor authentication. The profile is maintained by the international Research and Education Federations (REFEDS) organization comprised of more than 40 national federations (including InCommon).

  • No labels