Versions Compared

  • Currently use federated identity management (that is, you have an identity provider deployed in the InCommon Federation).
  • Currently use multifactor authentication


    Info
    SSO and MFA Currently in Pilot
    SSO and MFA Available

    The use of single sign-on and multifactor authentication for accessing the Comodo Certificate Manager is in pilot mode for the month of September 2017. If your campus would like to participate in the pilot, contact Paul Caskey (pcaskey@internet2.edu).

    The use of single sign-on and multifactor authentication for accessing the Comodo Certificate Manager is available to any subscriber that also operates a compliant Identity Provider in the InCommon Federation. See the Identity Provider setup requirements on this wiki page.

    Also, in order to use this new service, your IdP must support the REFEDS MFA Profile.

    We anticipate moving to production during October 2017.

    The InCommon Certificate Service offers single sign-on convenience, and the security of multifactor authentication (MFA), for logging in to the Comodo Certificate Manager (CCM) by those who administer their organization's certificates.

    • Single sign-on (SSO) is available to both RAOs (Registration Authority Officers) and DRAOs (Departmental Registration Authority Officers)
    • The organization must have an identity provider (IdP) in the InCommon Federation and also support MFA. Any organization using SSO must also use MFA
    • The organization's IdP must be configured to support the REFEDS MFA profile

    Benefits

    The benefits of using SSO and MFA include:

    • Removes the need to maintain a separate set of login credentials with the Comodo Certificate Manager
    • Eliminates the need for the RAO to request password resets from InCommon (which is time-consuming for both RAOs and InCommon staff)
    • The InCommon Certificate Service is used by organizations as the basis of internal and external trust. Protecting it with MFA reduces the likelihood of stolen credentials.

    • In addition to having an identity provider in the InCommon Federation, the campus must support MFA locally.
    • Specifically, the campus MFA implementation must support the REFEDS Multi-Factor Authentication Profile, an international standard adopted and maintained by the Research and Education Federations (REFEDS) organization, comprised of more than 40 national federations (including InCommon).
    • MFA-protected SSO increases security by leveraging protected campus credentials that RAOs already use in their local context to access higher security services.

    Single Sign On

    • Campus must have an identity provider in the InCommon Federation
    • The RAO uses federated identity via InCommon to log into the Comodo Certificate Manager (rather than credentials provided by Comodo)
    • If the campus has delegated responsibilities to DRAOs, those in that role do not need to use SSO once they are appropriately provisioned (since their work is approved to the RAO)

    Multifactor Authentication

    Note
    Seeking Pilot Participants

    If your campus would like to participate in the pilot, contact Paul Caskey (pcaskey@internet2.edu).

    Requirements: