The InCommon Certificate Services and nine university subscribers have successfully completed a pilot, testing the use of single sign-on (SSO) and multifactor authentication (MFA) to log in to the Comodo Certificate Manager. This long-requested feature is now available for any Certificate Service subscriber that also operates an Identity Provider in the InCommon Federation.
Rather than use credentials provided by Comodo, those who administer certificates on campus (both RAOs, or Registration Authority Officers as well as DRAOs, or Departmental Registration Authority Officers) will use their InCommon federated credentials for single sign-on. In addition, RAOs will leverage their local multifactor authentication process to secure their logins.
The benefits of this approach include:
This security enhancement leverages the REFEDS Multi-Factor Authentication Profile that allows service providers to signal the need for, and Identity Providers to signal the use of, multifactor authentication. Use of the REFEDS profile makes for seamless communications between the IdP and SP. The profile is maintained by the international Research and Education Federations (REFEDS) organization comprised of almost 50 national federations (including InCommon).