Page tree
Skip to end of metadata
Go to start of metadata


Respondents



Colleges & Universities

Carnegie Classification# of Institutions

Associate's Colleges: High Career & Technical-High Nontraditional

1

Associate's Colleges: Mixed Transfer/Career & Technical-High Nontraditional

1

Baccalaureate Colleges: Arts & Sciences Focus

17

Baccalaureate Colleges: Diverse Fields

2

Baccalaureate/Associate's Colleges: Associate's Dominant

3

Baccalaureate/Associate's Colleges: Mixed Baccalaureate/Associate's

1

Doctoral Universities: High Research Activity

10

Doctoral Universities: Very High Research Activity

14

Doctoral/Professional Universities

6

Master's Colleges & Universities: Larger Programs

8

Master's Colleges & Universities: Medium Programs

2

Special Focus Four-Year: Arts, Music & Design Schools

1

Special Focus Four-Year: Business & Management Schools

1

Special Focus Four-Year: Medical Schools & Centers

1

Special Focus Four-Year: Other Health Professions Schools

1

Other Respondents (Not a College or University)

InCommon Participant TypeCount
Higher Education Institution (District)1
Research Organization1
Sponsored Partner3

FTE Working in Identity and Access Management (IAM)

CountIAM staff measured as FTE*
12<1 FTE
281-3 FTE
74-7 FTE
08-11 FTE
1

12+ FTE

* Numbers do not include answers over 50 people or answers where only only name was given.  This question seemed to be worded in a confusing way

Products Used for Single Sign On (SSO)

SSO Product

 # Mentions

Shibboleth34
Azure Active Directory, ADFS14
CAS9
Okta4
Google SAML3
LDAP2
Fischer2
WSO22
OneLogin (SAML)2
SimpleSAMLphp1
Ethos1
Acceptto1
Portal Guard1
ForgeRockOpenAM1
SecureAuth1
Gluu1
IdentityNow1


Federation participation



Does your institution have an IdP in InCommon  or another EduGAIN federation?


NumberHas IdP in a federation?
40 (65.57%)Yes, we have an IdP in InCommon or other eduGAIN federation
17 (27.87%)No, we do not have an IdP in InCommon or another eduGAIN federation
4 (6.56%)I'm not sure 

Interest in federation for those participating or not sure

Of 21 respondents who did not have an IdP in InCommon (or another eduGAIN federation), 1 institution (classification: Associate's Colleges: Mixed Transfer/Career & Technical-High Nontraditional) was not interested in joining a federation.  The other 20 were split 50/50 on "yes" and "maybe" when asked if interested in joining an eduGAIN federation.


Factors preventing participation in federation

Free text answers explaining why an institution had not yet joined an eduGAIN federation fell into three categories:

  • Lack of FTE to support participation in federation (5 comments)
  • Lack of interest in prioritizing federation  (3 comments)
  • Lack of technical support (2 comments)

Institutional interest in cloud services


How committed is your institution to developing cloud-first infrastructure?

CountAnswer
1 (1.64%)Not interested in cloud
4 (6.56%)Prefer on-prem
10 (16.39%)Neutral
23 (37.70%)Prefer cloud
16 (26.23%)Very committed to cloud
7 (11.48)Prefer hybrid cloud



Desired features for IdPaaS  product



Multi-factor Authentication (MFA)

CountIntegration Option
36 (62%)Duo
13 (22.41%)I would want an IdPaaS to support MFA/2FA natively
9 (15.52%)Other (free text responses for Microsoft/Azure MFA,  Okta Verify, SMS, Voice
0 (0%)MFA is not a priority at my institution

Other Features

PointsRequested Feature
56Institutional Branding
55Ability to integrate with non-InCommon vendors
54Site-specific attribute release
50Site-specific MFA
47Support for eduroam/Radius as a service
45ECP
45Password Reset
43Consent

Where would you see IdPaaS as fitting into your institution's IAM portfolio?

CountOption

29 (47.54%)

As a supplemental SSO option to allow my institution to access external (federated) resources

21 (34.43%)

As a replacement for primary single sign-on (SSO) mechanism

8 (13.11%)

Other (see below)

3 (4.92%)

I can’t see IdPaaS fitting into our infrastructure (please tell us why)

(Selected "Other") - Please explain

Multiple respondents indicated that they may start with IdPaaS as a supplemental option and eventually promote it to a primary option if they liked it.   One respondent would be interested in using IdPaaS for guest account authentication.  Others indicated needing more information to evaluate, but expressed interest if IdPaaS would cut down on overhead/staffing demands.

(Selected "I can't see IdPaaS fitting into our infrastructure") - Please tell us why:

All who did not see their institution running an IdPaaS product are happy running their own SSO infrastructure, either on prem or in the cloud.


Incentives and reservations



What other features could an IdPaaS provide that would make this approach attractive to your institution?  What reservations would you have about deploying an IdPaaS solution?

Multiple Mentions

Delegated administration
Adaptive policy controls
Metadata
MDQ, InCommon
Social to SAML
Including account linking and registration
Privacy

Reporting
Including security events and troubleshooting tools

Attractive licensing terms
Concerns about costs not scaling well with user populations including alumni, parents, etc., demonstrating value proposition to leadership when current expenditures on IdP support already low, contract that will meet state procurement requirements
Friendly admin UI
Staffing  requirements
Support
Including for SP integrations
Standards & Interoperability


Source materials




  • No labels