Blog from March, 2018

Managing Affiliate, Alumni, and Other Identities with COmanage

Wednesday, April 18, 2018
2 pm ET / 1 pm CT / Noon MT / 11 am PT

COmanage might be the most useful identity management tool that you have never used.  COmanage Registry is an identity registry and lifecycle management system designed to track complex and typically transient affiliations. The registry maintains identity data, tracks groups and roles, and provisions to directories and other services.

Join us for the April IAM Online to hear two case studies for the use of COmanage:

  • Lafayette College will discuss how COmanage filled operational gaps in their identity management system by becoming the source system for affiliates of the College such as auditors, contractors, and employees of outsourced services such as dining. COmanage is authoritative for identity data, tracks sponsors, provisions NetIDs in LDAP, and manages the identity lifecycle, including account renewals.
  • Colorado State University has just launched COmanage as an entity registry and account linking system for alumni, as well as donors accessing the university’s Donor Connect system with external identities. This is the first phase of this project, which will soon include access to resources provided by the Registrar and parent/guardian access to student bills, class schedules, etc.

COmanage is one component in the TIER (Trust and Identity in Education and Research) suite, along with Shibboleth and Grouper.

Jeff Ruch, Colorado State University
Janmarie Duh, Lafayette College

Bill Thompson, Lafayette College

We use Adobe Connect for slide sharing and audio: For more details, including back-up phone bridge information, see

About IAM Online
IAM Online is a monthly online education series brought to you by Internet2’s InCommon community and the EDUCAUSE Higher Education Information Security Council (HEISC).

The InCommon Steering Committee has approved changes to the InCommon Participation Agreement and the InCommon Federation Policies and Practices (FOPP). The changes are part of the adoption of Baseline Expectations for Trust in Federation, which includes a new dispute resolution process and eliminates the requirement for organizations to post a Participant Operational Practices (POP) document in favor of requiring certain elements to be present in the InCommon trust registry (also known as “metadata”).

In keeping with the InCommon charter and bylaws, the revised Participation Agreement goes into effect on June 15, 2018, 90 days after notice was sent on March 15. Changes to the FOPP are effective as of the Steering Committee action on March 4.

The InCommon community’s work on Baseline Expectations now enters a transition phase as we collectively gear up to support this new program. Look for more on the new dispute resolution and consensus process development/refinement in the coming weeks.

Information about the Baseline Expectations program is available on the InCommon website. There is also a Baseline Expectations wiki space, which includes links to informational webinars, an implementation roadmap, and an FAQ.

InCommon Shibboleth Installation Workshop - May 22-23, 2018

The first of two Shibboleth workshops planned for 2018 will take place May 22-23 at the Unicon headquarters in suburban Phoenix, Arizona. The second workshop will take place at the University of Pittsburgh (tentative dates are July 10-11). Here are the details about the workshop in Arizona.


Unicon Headquarters
1760 E. Pecos Rd., Suite 432
Gilbert, Arizona 85295 (suburban Phoenix)
May 22-23, 2018 (9 am - 5 pm PT both days)

Details on the site:

Are you interested in learning how to install and configure the Shibboleth SAML SSO/Federation Software? Do you need to upgrade to IdPv3? Would you like to see how the containerized TIER version of the Shibboleth IdP can simplify your installation and configuration?

Join us for the InCommon Shibboleth Installation Workshop May 22-23, 2018 at the Unicon Headquarters in Gilbert, Arizona (suburban Phoenix). The registration deadline is May 11.

The two-day training covers both the Identity Provider and Service Provider software, as well as some integration issues. We will also introduce you to the TIER (Trust and Identity in Education and Research) version of the Shibboleth IdP, which is delivered via a Docker container and is pre-configured to work well with InCommon. The workshop focuses on installing and deploying IdPv3 and the Shibboleth Service Provider. Here is what you can expect:

  • A two-day, directed self-paced workshop

  • Hands-on installation of the identity provider and service provider software

  • Experienced trainers providing overviews and one-on-one help

  • Discussions on configuration and suggested practices for federation

  • Attendance is limited to 40

The workshops will offer the chance to:

  • Install a prototype Shibboleth identity and service provider in a virtual machine environment

  • Gain experience with the Docker container version of the Shibboleth IdP (the TIER version)

  • Discuss how to configure and run the software in production

  • Learn about integration with other identity management components such as LDAP and selected service providers

Knowledge of identity management concepts and related implementation experience is strongly recommended. Organizations are encouraged to send one or two attendees who best represent the following functions:

  • System install, integration, and ongoing support staff

  • Campus technology architects

To learn more about Shibboleth, see the Shibboleth wiki. More information on federated identity can be found at