Internet2 is investigating a security incident involving a compromise to a confluence server that affected on April 10, 2019, which was successfully mitigated on April 12, 2019. If you did not receive an email from us, it’s unlikely that any of the content you submitted to the Internet2 Spaces Wiki needs to be re-entered. We apologize for any inconvenience this may have caused. Should you have any questions or require further assistance, please email
Page tree
Skip to end of metadata
Go to start of metadata

Who can use single sign-on?

Both RAOs and DRAOs at campuses that used federated identity (e.g. have an identity provider in the InCommon Federatoin) and support MFA locally can use the SSO/MFA feature.

I'm already an RAO and my organization uses SSO and MFA. How do I start using SSO?

Review this wiki page for the process.

We don't use SSO now, but it sure sounds like a good idea. How do I do that?

If you subscribe to the Certificate Service, your organization is an InCommon participant and you have access to the InCommon Federation. In order to use SSO, you would need to have an identity provider in the federation (which means your campus would need the proper identity management infrastructure). You can find out if your campus already has an identity provider by searching on this page. You may also be interested in reviewing this basic information on the InCommon Federation.

Does InCommon recommend a specific Multifactor Authentication method for use with the Certificate Service?

We do not have a specific recommendation. However, your MFA solution must support the REFEDS MFA Profile.

We use MFA locally, but I'm not sure about this REFEDS profile. What's that about?

The REFEDS profile ensures interoperability by specifying requirements that allows the service provider (in this case the Comodo Certificate Manager) to communicate its need for MFA and for the identity provider to communicate that it has successfully used MFA to authenticate the user.



  • No labels