SOCIAL IDENTITIES IN HIGHER ED: WHY AND HOW WITH REAL-WORLD EXAMPLES

Size: px
Start display at page:

Download "SOCIAL IDENTITIES IN HIGHER ED: WHY AND HOW WITH REAL-WORLD EXAMPLES"

Transcription

1 SOCIAL IDENTITIES IN HIGHER ED: WHY AND HOW WITH REAL-WORLD EXAMPLES Todd Haddaway, University of Maryland, Baltimore County Jacob Farmer, Indiana University Dedra Chamberlin, Cirrus Identity 2015 Internet2

2 Social identities in higher ed: why and how with real-world examples OVERVIEW 1. Business drivers for social identity integration 2. Gateways 3. Risk Assessment 4. Data Management and Privacy 5. Real-world example UMBC parent access to PeopleSoft 6. Social -> SAML -> CAS -- IndianaU CAS/SAML/Social ID combo 7. Companion s Invitation, Linking 8. Closing [ 2 ] 2015 Internet2

3 Social identities in higher ed: why and how with real-world examples OVERVIEW 1. Business Drivers for Social Identities 2. Gateways 3. Risk Assessment 4. Data Management and Privacy 5. Real-world example UMBC parent access to PeopleSoft 6. Social -> SAML -> CAS -- IndianaU CAS/SAML/Social ID combo 7. Companion s Invitation, Linking 8. Closing [ 3 ] 2015 Internet2

4 How Universities Do Business Customers s Login with your University : Username Password [ 4 ] 2015 Internet2

5 [ 5 ]

6 [ 6 ]

7 [ 7 ]

8 Arms Length Customers Parents Alumni/Donors Research Collaborators Continuing Ed Students Guest Faculty Prospective Students [ 8 ] 2015 Internet2

9 Guest s Only! [ 9 ]

10 Guest s and Their Cost + + = [ 10 ] 2015 Internet2

11 Accessing a University Alumni s Portal University of Fabulous Login with your University : Username Password [ 11 ] 2015 Internet2

12 Five Stages of Password Recovery Alumni s Portal University of Fabulous Sorry. The username and/or password you entered are incorrect. Please try again or submit a forgot password request. Login with your University : Username Password Sue Sm@rtypants! Denial [ 12 ] 2015 Internet2

13 Five Stages of Password Recovery Alumni s Portal University of Fabulous Sorry. The username and/or password you entered are incorrect. Please try again or submit a forgot password request. Login with your University : Username Password Sue Sm@rtypants! Anger [ 13 ] 2015 Internet2

14 Five Stages of Password Recovery Alumni s Portal University of Fabulous Sorry. The username and/or password you entered are incorrect. Please try again or submit a forgot password request. Login with your University : Username Password Sue Sm@rtypants! Bargaining [ 14 ] 2015 Internet2

15 Five Stages of Password Recovery Alumni s Portal University of Fabulous Sorry. The username and/or password you entered are incorrect. Please try again or submit a forgot password request. Login with your University : Username Password Sue 1tsR33lyM3 Bargaining [ 15 ] 2015 Internet2

16 Five Stages of Password Recovery Alumni s Portal University of Fabulous Sorry. The username and/or password you entered are incorrect. Please try again or submit a forgot password request. Login with your University : Username Password Susan 1tsR33lyM3 Bargaining [ 16 ] 2015 Internet2

17 Five Stages of Password Recovery Alumni s Portal University of Fabulous Sorry. The username and/or password you entered are incorrect. Please try again or submit a forgot password request. Login with your University : Username Password Susan Sm@rtypants! Bargaining [ 17 ] 2015 Internet2

18 Five Stages of Password Recovery Alumni s Portal University of Fabulous Sorry. The username and/or password you entered are incorrect. Please try again or submit a forgot password request. Login with your University : Username Password Susan Sm@rtypants! Depression [ 18 ] 2015 Internet2

19 Five Stages of Password Recovery Go through the password reset process Keep password file on local device (encrypted or not) Use a password manager like LastPass Keep more post-it notes Acceptance [ 19 ]

20 Five Stages of Password Recovery Alumni s Portal University of Fabulous Login with your University : Don t have (or remember) your University info? Login with: Username Password [ 20 ] 2015 Internet2

21 Parents Alumni/Donors Research Collaborators Continuing Ed Students Create a Virtual Gateway to Expand Access Guest Faculty Prospective Students [ 21 ]

22 Social identities in higher ed: why and how with real-world examples OVERVIEW 1. Business Drivers for Social Identities 2. Gateways 3. Risk Assessment 4. Data Management and Privacy 5. Real-world example UMBC parent access to PeopleSoft 6. Social -> SAML -> CAS -- IndianaU CAS/SAML/Social ID combo 7. Companion s Invitation, Linking 8. Closing [ 22 ] 2015 Internet2

23 Sharing s Across Institutions [ 23 ]

24 Trust Framework [ 24 ]

25 Trust Framework SAML [ 25 ]

26 Social providers do not belong to the identity federation Social providers use different authentication protocols SAML OAuth Google Facebook [ 26 ]

27 SAML Gateway Google Facebook [ 27 ]

28 SAML Gateway Google Facebook [ 28 ]

29 Social identities in higher ed: why and how with real-world examples OVERVIEW 1. Business Drivers for Social Identities 2. Gateways 3. Risk Assessment 4. Data Management and Privacy 5. Real-world example UMBC parent access to PeopleSoft 6. Social -> SAML -> CAS -- IndianaU CAS/SAML/Social ID combo 7. Companion s Invitation, Linking 8. Closing [ 29 ] 2015 Internet2

30 Social Identity Risks Trust is this user who they say they are? Social providers change their practices Google migration to OpenID Connect LinkedIn APIs agreement changes Google addition of fees for Google Cloud Inconsistent data and coping with user-driven updates Facebook Twitter no MS WindowsLive multivalued Using gateways as more than a broker creates lock-in risks [ 30 ]

31 Social identities in higher ed: why and how with real-world examples OVERVIEW 1. Business Drivers for Social Identities 2. Gateways 3. Risk Assessment 4. Data Management and Privacy 5. Real-world example UMBC parent access to PeopleSoft 6. Social -> SAML -> CAS -- IndianaU CAS/SAML/Social ID combo 7. Companion s Invitation, Linking 8. Closing [ 31 ] 2015 Internet2

32 Data Management and Attributes Users provide data to social providers; agree to terms Social providers expose that data via their APIs Gateways act as a broker Attribute mapping Attribute enrichment (and associated workflow) Key question: How much do you want to tie a service to the gateway service? [ 32 ]

33 API Integration and Data Flow Provider Integration API key and secret Social Identity Providers APIs X Gateway SAML SPs (Applications, Enterprise Databases IDMS) End User Authentication Admins End User Admin [ 33 ]

34 Level Integration Level Integration API key and secret Social Identity Providers APIs Gateway SAML SPs (Applications, Enterprise Databases IDMS) End User Authentication Admins End User Admin [ 34 ]

35 Benefits of SP Level Integration API Limits set per SP, not for entire campus SP specific info on the User Consent screen during login flow increases trust [ 35 ]

36 User Consent Screen [ 36 ]

37 Privacy API access to user data Exposing and mining user data Helping users understand where data originates, how it is stored and shared User visibility into data [ 37 ]

38 Social identities in higher ed: why and how with real-world examples OVERVIEW 1. Business Drivers for Social Identities 2. Gateways 3. Risk Assessment 4. Data Management and Privacy 5. Real-world example UMBC parent access to PeopleSoft 6. Social -> SAML -> CAS -- IndianaU CAS/SAML/Social ID combo 7. Companion s Invitation, Linking 8. Closing [ 38 ] 2015 Internet2

39 Social identities in higher ed: why and how with real-world examples [ 39 ] 2015 Internet2

40 Social identities in higher ed: why and how with real-world examples Grades?? [ 40 ] 2015 Internet2

41 Social identities in higher ed: why and how with real-world examples Social Identities at UMBC Students use an invitation system to grant or revoke access Using Google and Facebook credentials Access to information becomes an issue between the student and their parent Eliminates a paper system of permission to view [ 41 ] 2015 Internet2

42 Social identities in higher ed: why and how with real-world examples Social Identities at UMBC Today students can share Course schedule Grades Coming soon Student finances (view account balance and details) Financial Aid (view awards and award status) Advising (view notes taken during advising sessions) [ 42 ] 2015 Internet2

43 Social identities in higher ed: why and how with real-world examples Social Identities at UMBC Live Demo (well, HOPEFULLY live) [ 43 ] 2015 Internet2

44 Social identities in higher ed: why and how with real-world examples OVERVIEW 1. Business Drivers for Social Identities 2. Gateways 3. Risk Assessment 4. Data Management and Privacy 5. Real-world example UMBC parent access to PeopleSoft 6. Social -> SAML -> CAS -- IndianaU CAS/SAML/Social ID combo 7. Companion s Invitation, Linking 8. Closing [ 44 ] 2015 Internet2

45 Social identities in higher ed: why and how with real-world examples Social to SAML is great If your applications are using SAML. But what if you have a broad, diverse community of applications that are tied to using CAS? And, they are accustomed to having a globally unique identifier available for all of their users? IU s Answer: Work with a partner to build a Social -> SAML -> CAS gateway [ 45 ] 2015 Internet2

46 Social identities in higher ed: why and how with real-world examples OVERVIEW 1. Business Drivers for Social Identities 2. Gateways 3. Risk Assessment 4. Data Management and Privacy 5. Real-world example UMBC parent access to PeopleSoft 6. Social -> SAML -> CAS -- IndianaU CAS/SAML/Social ID combo 7. Companion s Invitation, Linking 8. Closing [ 46 ] 2015 Internet2

47 Invitation If you don t want everyone with a Google to be authorized Pre-provision authorized users Sponsorship confers some degree of trust Some methods: MACE Grouper for campus-wide guests App specific invitation Gateway-based invitation/authorization [ 47 ]

48 Linking Providers may expect a specific attribute or identifier that a social identity provider won t assert linking ties together a variety of attributes and identifiers across multiple identity providers Users choose how to log in, the app gets the attribute(s) it expects [ 48 ]

49 Linking Identifier Linking Iden+fier SAML Linking DB Gateway Google Facebook

50 Linking Identifier Linking Iden+fier SAML Linking DB Gateway Google Facebook

51 Linking Identifier Linking Iden+fier SAML Linking DB Gateway Google Facebook

52 Linking Identifier Linking Iden+fier SAML Linking DB Gateway Google Facebook

53 Linking Identifier Linking Iden+fier SAML Linking DB Gateway Google Facebook

54 Linking Identifier Linking Iden+fier SAML Linking DB Gateway Google Facebook

55 Linking Identifier Linking Iden+fier SAML Linking DB Gateway Google Facebook

56 Linking Identifier Linking Iden+fier SAML Linking DB Gateway Google Facebook

57 Linking Identifier Linking Iden+fier SAML Linking DB Gateway Google Facebook

58 Linking Identifier Linking Iden+fier SAML Linking DB Gateway Google Facebook

59 Linking Identifier Linking Iden+fier SAML Linking DB Gateway Google Facebook

60 Linking Identifier Linking Iden+fier SAML Linking DB Gateway Google Facebook

61 Linking Identifier Linking Iden+fier SAML Linking DB Gateway Google Facebook

62 Linking Identifier Linking Iden+fier SAML Linking DB Gateway Google Facebook

63 Linking Identifier Linking Iden+fier SAML Linking DB Attr Social Attr Gateway Google Facebook

64 Linking Identifier Linking Iden+fier SAML Linking DB Gateway Google Facebook

65 Linking Identifier Linking Iden+fier SAML Linking DB Gateway Google Facebook

66 Linking Identifier Linking Iden+fier SAML Linking DB Gateway Google Facebook

67 Linking Identifier Linking Iden+fier SAML Linking DB Gateway Google Facebook

68 Linking Identifier Linking Iden+fier SAML Linking DB Gateway Google Facebook

69 Linking Identifier Linking Iden+fier SAML Linking DB Gateway Google Facebook

70 Linking Identifier Linking Iden+fier SAML Linking DB Gateway Google Facebook

71 Social identities in higher ed: why and how with real-world examples OVERVIEW 1. Business Drivers for Social Identities 2. Gateways 3. Risk Assessment 4. Data Management and Privacy 5. Real-world example UMBC parent access to PeopleSoft 6. Social -> SAML -> CAS -- IndianaU CAS/SAML/Social ID combo 7. Companion s Invitation, Linking 8. Closing [ 71 ] 2015 Internet2

72 Resources and Contacts InCommon Workgroups: Social Identities Workgroup Home External Identities Workgroup Home Todd Haddaway Jacob Farmer Dedra Chamberlin [ 72 ]

73 SOCIAL IDENTITIES IN HIGHER ED: WHY AND HOW WITH REAL-WORLD EXAMPLES Todd Haddaway, University of Maryland, Baltimore County Jacob Farmer, Indiana University Dedra Chamberlin, Cirrus Identity 2015 Internet2

Do I Really Need Another Account? External Identities for Campus Applications

Do I Really Need Another Account? External Identities for Campus Applications Do I Really Need Another Account? External Identities for Campus Applications Dedra Chamberlin, Cirrus Identity Eric Goodman, University of California Todd Haddaway, UMBC Tom Jordan, University of Wisconsin-Madison

More information

Enhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation

Enhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation Enhancing cloud applications by using external authentication services After you complete this section, you should understand: Terminology such as authentication, identity, and ID token The benefits of

More information

SAP Security in a Hybrid World. Kiran Kola

SAP Security in a Hybrid World. Kiran Kola SAP Security in a Hybrid World Kiran Kola Agenda Cybersecurity SAP Cloud Platform Identity Provisioning service SAP Cloud Platform Identity Authentication service SAP Cloud Connector & how to achieve Principal

More information

If a student logs in using the Google or Microsoft options on the bottom of the screen, they will get to the guest portal. If you have students

If a student logs in using the Google or Microsoft options on the bottom of the screen, they will get to the guest portal. If you have students 1 If a student logs in using the Google or Microsoft options on the bottom of the screen, they will get to the guest portal. If you have students saying I am logged in but I don t see form it is probably

More information

Goal. TeraGrid. Challenges. Federated Login to TeraGrid

Goal. TeraGrid. Challenges. Federated Login to TeraGrid Goal Federated Login to Jim Basney Terry Fleury Von Welch Enable researchers to use the authentication method of their home organization for access to Researchers don t need to use -specific credentials

More information

Salesforce External Identity Implementation Guide

Salesforce External Identity Implementation Guide Salesforce External Identity Implementation Guide Salesforce, Winter 18 @salesforcedocs Last updated: December 20, 2017 Copyright 2000 2017 salesforce.com, inc. All rights reserved. Salesforce is a registered

More information

Salesforce External Identity Implementation Guide

Salesforce External Identity Implementation Guide Salesforce External Identity Implementation Guide Salesforce, Summer 17 @salesforcedocs Last updated: September 28, 2017 Copyright 2000 2017 salesforce.com, inc. All rights reserved. Salesforce is a registered

More information

Salesforce External Identity Implementation Guide

Salesforce External Identity Implementation Guide Salesforce External Identity Implementation Guide Salesforce, Spring 17 @salesforcedocs Last updated: March 11, 2017 Copyright 2000 2017 salesforce.com, inc. All rights reserved. Salesforce is a registered

More information

Define Your Office 365 External Sharing Strategy

Define Your Office 365 External Sharing Strategy Define Your Office 365 External Sharing Strategy Tuesday, April 24, 2018 12:00-1:00 PM Peter Carson President, Extranet User Manager and Envision IT SharePoint MVP Partner Seller, Microsoft Canada peter.carson@extranetusermanager.com

More information

5 OAuth Essentials for API Access Control

5 OAuth Essentials for API Access Control 5 OAuth Essentials for API Access Control Introduction: How a Web Standard Enters the Enterprise OAuth s Roots in the Social Web OAuth puts the user in control of delegating access to an API. This allows

More information

What is MyPalomarHealth and how will it benefit my health care? How do I access my health information on MyPalomarHealth?

What is MyPalomarHealth and how will it benefit my health care? How do I access my health information on MyPalomarHealth? MyPalomarHealth FAQs Enrollment Questions What is MyPalomarHealth and how will it benefit my health care? MyPalomarHealth offers patients personalized and secure on-line access to portions of their medical

More information

CIAM: Need for Identity Governance & Assurance. Yash Prakash VP of Products

CIAM: Need for Identity Governance & Assurance. Yash Prakash VP of Products CIAM: Need for Identity Governance & Assurance Yash Prakash VP of Products Key Tenets of CIAM Solution Empower consumers, CSRs & administrators Scale to millions of entities, cloud based service Security

More information

ArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith

ArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith ArcGIS Enterprise Security: An Introduction Gregory Ponto & Jeff Smith Agenda ArcGIS Enterprise Security Model Portal for ArcGIS Authentication Authorization Building the Enterprise Encryption Collaboration

More information

Best Practices: Authentication & Authorization Infrastructure. Massimo Benini HPCAC - April,

Best Practices: Authentication & Authorization Infrastructure. Massimo Benini HPCAC - April, Best Practices: Authentication & Authorization Infrastructure Massimo Benini HPCAC - April, 03 2019 Agenda - Common Vocabulary - Keycloak Overview - OAUTH2 and OIDC - Microservices Auth/Authz techniques

More information

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity

More information

5 OAuth EssEntiAls for APi AccEss control layer7.com

5 OAuth EssEntiAls for APi AccEss control layer7.com 5 OAuth Essentials for API Access Control layer7.com 5 OAuth Essentials for API Access Control P.2 Introduction: How a Web Standard Enters the Enterprise OAuth s Roots in the Social Web OAuth puts the

More information

Exostar Identity Access Platform (SAM) User Guide September 2018

Exostar Identity Access Platform (SAM) User Guide September 2018 Exostar Identity Access Platform (SAM) User Guide September 2018 Copyright 2018 Exostar, LLC All rights reserved. 1 INTRODUCTION... 4 SUMMARY... 4 Exostar IAM Platform (SAM) Organization and User Types...

More information

Office 365 External Sharing Webinar November 7, 2017

Office 365 External Sharing Webinar November 7, 2017 Office 365 External Sharing Webinar November 7, 2017 Introductions Peter Carson President, Extranet User Manager and Envision IT SharePoint MVP Partner Seller, Microsoft Canada peter.carson@extranetusermanager.com

More information

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Participant Name: Trent University Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert

More information

Person Proxy Information

Person Proxy Information Person Proxy Information General Proxy Information Proxy: A person authorized to act on the behalf of another A student can designate an individual as his/her proxy to have access to designated pages in

More information

SharePoint 2019 and Extranet User Manager

SharePoint 2019 and Extranet User Manager SharePoint 2019 and Extranet User Manager Tuesday, June 5, 2018 12:00-1:00 PM http://eum.co (#) Agenda Introductions SharePoint 2019 Announcements SharePoint On Premises Extranets EUM Features and Licensing

More information

Using Keycloak to Provide Authentication, Authorization, and Identity Management Services for Your Gateway

Using Keycloak to Provide Authentication, Authorization, and Identity Management Services for Your Gateway Using Keycloak to Provide Authentication, Authorization, and Identity Management Services for Your Gateway Marcus Christie Science Gateways Research Center Indiana University EDS Consultant Award Number

More information

Exostar Identity Access Platform (SAM) User Guide July 2018

Exostar Identity Access Platform (SAM) User Guide July 2018 Exostar Identity Access Platform (SAM) User Guide July 2018 Copyright 2018 Exostar, LLC All rights reserved. 1 Version Impacts Date Owner Identity and Access Management Email Verification (Email OTP) July

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Participant Name:_Unversity of Regina Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert

More information

Parent/Guest Access: Tutorial

Parent/Guest Access: Tutorial Parent/Guest Access: Tutorial It is possible for you to give a guest access to your student information displayed in your MyCSC account for the purpose of viewing your financial aid information, grades

More information

October J. Polycom Cloud Services Portal

October J. Polycom Cloud Services Portal October 2018 3725-42461-001J Polycom Cloud Services Portal Copyright 2018, Polycom, Inc. All rights reserved. No part of this document may be reproduced, translated into another language or format, or

More information

Managed Access Gateway. User Guide

Managed Access Gateway. User Guide Managed Access Gateway User Guide Version 2.2 Exostar, LLC November 3, 2011 Table of Contents Table of Contents... ii Purpose... 1 Log-in to your MAG Account... 2 Additional MAG Login Options... 2 First

More information

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity

More information

Martin Baker Secure Source-to-Pay How to Access and Log In

Martin Baker Secure Source-to-Pay How to Access and Log In Martin Baker Secure Source-to-Pay How to Access and Log In December 2017 1 How to Log in to Secure Source-to-Pay The Managed Access Gateway (MAG) solution is used as the login authentication and access

More information

Managed Access Gateway. User Guide

Managed Access Gateway. User Guide Managed Access Gateway User Guide Version 3.0 Exostar, LLC April 20, 2013 Table of Contents Table of Contents...ii Purpose... 1 Log-in to your MAG Account... 2 Additional MAG Login Options... 2 First Time

More information

Identity and Access Management (IAM) Platform User Guide

Identity and Access Management (IAM) Platform User Guide Identity and Access Management (IAM) Platform User Guide May 2018 Copyright 2018 Exostar LLC. All rights reserved 1 Contents Introduction... 5 Getting Started... 5 Organization and User ID Information...

More information

Secure Access Manager User Guide September 2017

Secure Access Manager User Guide September 2017 Secure Access Manager User Guide September 2017 1 1 INTRODUCTION... 3 1.1 SUMMARY... 3 2 BASIC FUNCTIONS... 3 2.1 LOGIN TO YOUR SAM ACCOUNT... 3 2.1.1 How to Activate your Account... 3 2.1.2 How to Login

More information

Getting Started with the Aloha Community Template for Salesforce Identity

Getting Started with the Aloha Community Template for Salesforce Identity Getting Started with the Aloha Community Template for Salesforce Identity Salesforce, Winter 18 @salesforcedocs Last updated: November 30, 2017 Copyright 2000 2017 salesforce.com, inc. All rights reserved.

More information

Prof. Christos Xenakis

Prof. Christos Xenakis From Real-world Identities to Privacy-preserving and Attribute-based CREDentials for Device-centric Access Control Device-Centric Authentication for Future Internet Prof. Christos Xenakis H2020 Clustering

More information

Prof. Christos Xenakis

Prof. Christos Xenakis From Real-world Identities to Privacy-preserving and Attribute-based CREDentials for Device-centric Access Control Device-Centric Authentication for Future Internet Prof. Christos Xenakis SAINT Workshop

More information

Desired Go Live July 15, 2018 but we reserve the right to adjust this date based on circumstances.

Desired Go Live July 15, 2018 but we reserve the right to adjust this date based on circumstances. RFP 17 011 Questions and Answers When would you like the system to Go Live? Desired Go Live July 15, 2018 but we reserve the right to adjust this date based on circumstances. What is the intended RFP award

More information

ServiceNow Deployment Guide

ServiceNow Deployment Guide ServiceNow Deployment Guide (For Eureka release and forward) Okta Inc. 301 Brannan Street, 3 rd Floor San Francisco, CA, 94107 info@okta.com 1-888-722-7871 Contents Overview... 3 Active Directory Integration...

More information

Secure Access Manager User Guide December 2017

Secure Access Manager User Guide December 2017 Secure Access Manager User Guide December 2017 Copyright 2017 Exostar, LLC All rights reserved. 1 INTRODUCTION... 3 SUMMARY... 3 BASIC FUNCTIONS... 3 LOGIN TO YOUR SAM ACCOUNT... 3 How to Activate your

More information

PowerSchool Users Guide for Parents/Guardians

PowerSchool Users Guide for Parents/Guardians PowerSchool Users Guide for Parents/Guardians Introduction PowerSchool's Parent Portal is a tool specifically developed for parents and students that integrates into the PowerSchool Student Information

More information

RSA SecurID Ready Implementation Guide. Last Modified: December 13, 2013

RSA SecurID Ready Implementation Guide. Last Modified: December 13, 2013 Ping Identity RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 13, 2013 Product Information Partner Name Ping Identity Web Site www.pingidentity.com Product Name PingFederate

More information

Credentialing for InCommon

Credentialing for InCommon Credentialing for InCommon Summary/Purpose: This policy describes the means by which user accounts and credentials are managed by the University of Mississippi, as related to participation in the InCommon

More information

Introduction to application management

Introduction to application management Introduction to application management To deploy web and mobile applications, add the application from the Centrify App Catalog, modify the application settings, and assign roles to the application to

More information

Authentication CS 4720 Mobile Application Development

Authentication CS 4720 Mobile Application Development Authentication Mobile Application Development System Security Human: social engineering attacks Physical: steal the server itself Network: treat your server like a 2 year old Operating System: the war

More information

Cracking the Access Management Code for Your Business

Cracking the Access Management Code for Your Business White Paper Security Cracking the Access Management Code for Your Business As the digital transformation expands across your business, delivering secure access to it has made a modern identity and access

More information

TRUST IDENTITY. Trusted Relationships for Access Management: AND. The InCommon Model

TRUST IDENTITY. Trusted Relationships for Access Management: AND. The InCommon Model TRUST. assured reliance on the character, ability, strength, or truth of someone or something - Merriam-Webster TRUST AND IDENTITY July 2017 Trusted Relationships for Access Management: The InCommon Model

More information

Challenges in Authenticationand Identity Management

Challenges in Authenticationand Identity Management Sep 05 ISEC INFOSECURITY TOUR 2017 05.09.2017, Buenos Aires, Argentina Challenges in Authenticationand Identity Management CAMINANTE NO HAY CAMINO, SE HACE CAMINO AL ANDAR 2016 SecurIT Who is MerStar?

More information

13241 Woodland Park Road, Suite 400 Herndon, VA USA A U T H O R : E X O S T A R D ATE: M A R C H V E R S I O N : 3.

13241 Woodland Park Road, Suite 400 Herndon, VA USA A U T H O R : E X O S T A R D ATE: M A R C H V E R S I O N : 3. SECURE ACCESS MAN AG E R FIRST TIME LOGIN GUIDE A U T H O R : E X O S T A R D ATE: M A R C H 2 0 1 5 V E R S I O N : 3.0 1 S E C U R E A CCESS M A N A G E R SECURE ACCESS MANAGER OVERVIEW... 3 SUMMARY...

More information

Warm Up to Identity Protocol Soup

Warm Up to Identity Protocol Soup Warm Up to Identity Protocol Soup David Waite Principal Technical Architect 1 Topics What is Digital Identity? What are the different technologies? How are they useful? Where is this space going? 2 Digital

More information

VETtrak Canvas LMS Integration User Guide

VETtrak Canvas LMS Integration User Guide VETtrak Canvas LMS Integration User Guide Contents Canvas LMS Integration User Guide... 2 What does the Canvas LMS Integration do?... 2 How to use this Guide... 2 Configuration in VETtrak... 2 Security...

More information

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity

More information

Extending Services with Federated Identity Management

Extending Services with Federated Identity Management Extending Services with Federated Identity Management Wes Hubert Information Technology Analyst Overview General Concepts Higher Education Federations eduroam InCommon Federation Infrastructure Trust Agreements

More information

Connect-2-Everything SAML SSO (client documentation)

Connect-2-Everything SAML SSO (client documentation) Connect-2-Everything SAML SSO (client documentation) Table of Contents Summary Overview Refined tags Summary The Connect-2-Everything landing page by Refined Data allows Adobe Connect account holders to

More information

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity

More information

BSE-SINGLE SIGN ON. For Brokers/ Banks/ Mutual Funds

BSE-SINGLE SIGN ON. For Brokers/ Banks/ Mutual Funds BSE-SINGLE SIGN ON For Brokers/ Banks/ Mutual Funds Contents Introduction:... 2 Features:... 2 Advantages:... 2 On-boarding process.... 3 SSO application Login Process... 7 Authentication via OTP... 7

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Participant Name: CARLETON UNIVERSITY Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert

More information

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity

More information

Logging into LTC Instant Access the First Time

Logging into LTC Instant Access the First Time Logging into LTC Instant Access the First Time Access the Instant Access website at: https://mycampus.gotoltc.edu a. from the LTC website Current Students>Technology & Logins>LTC Instant Access Enter your

More information

Google Identity Services for work

Google Identity Services for work INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new

More information

271 Waverley Oaks Rd. Telephone: Suite 206 Waltham, MA USA

271 Waverley Oaks Rd. Telephone: Suite 206 Waltham, MA USA Contacting Leostream Leostream Corporation http://www.leostream.com 271 Waverley Oaks Rd. Telephone: +1 781 890 2019 Suite 206 Waltham, MA 02452 USA To submit an enhancement request, email features@leostream.com.

More information

Centrify for Dropbox Deployment Guide

Centrify for Dropbox Deployment Guide CENTRIFY DEPLOYMENT GUIDE Centrify for Dropbox Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as a critical component of

More information

[GSoC Proposal] Securing Airavata API

[GSoC Proposal] Securing Airavata API [GSoC Proposal] Securing Airavata API TITLE: Securing AIRAVATA API ABSTRACT: The goal of this project is to design and implement the solution for securing AIRAVATA API. Particularly, this includes authenticating

More information

E X O S T A R, LLC D A T E : M AY V E R S I O N : 4.0

E X O S T A R, LLC D A T E : M AY V E R S I O N : 4.0 SECURE ACCESS MAN AG E R USER GUI DE E X O S T A R, LLC D A T E : M AY 2 0 1 7 V E R S I O N : 4.0 1 S E C U R E AC C E S S M A N A G E R 1 INTRODUCTION... 3 1.1 SUMMARY... 3 2 BASIC FUNCTIONS... 3 2.1

More information

Leveraging the InCommon Federation to access the NSF TeraGrid

Leveraging the InCommon Federation to access the NSF TeraGrid Leveraging the InCommon Federation to access the NSF TeraGrid Jim Basney Senior Research Scientist National Center for Supercomputing Applications University of Illinois at Urbana-Champaign jbasney@ncsa.uiuc.edu

More information

Single Sign-On for PCF. User's Guide

Single Sign-On for PCF. User's Guide Single Sign-On for PCF Version 1.2 User's Guide 2018 Pivotal Software, Inc. Table of Contents Table of Contents Single Sign-On Overview Installation Getting Started with Single Sign-On Manage Service Plans

More information

Aruba Central Guest Access Application

Aruba Central Guest Access Application Aruba Central Guest Access Application User Guide Copyright Information Copyright 2017Hewlett Packard Enterprise Development LP. Open Source Code This product includes code licensed under the GNU General

More information

1. Federation Participant Information DRAFT

1. Federation Participant Information DRAFT INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES [NOTE: This document should be considered a as MIT is still in the process of spinning up its participation in InCommon.] Participation in InCommon

More information

Facilitating the Attribute Economy. David W Chadwick George Inman, Kristy Siu 2011 University of Kent

Facilitating the Attribute Economy. David W Chadwick George Inman, Kristy Siu 2011 University of Kent Facilitating the Attribute Economy David W Chadwick George Inman, Kristy Siu University of Kent 2011 University of Kent Internet 2 Fall 2011 Member Meeting 1 (Some) Attribute AuthzRequirements Attributes

More information

Identity & Access Management: Changes for FAS and Beyond. May 6, p.m. FAS Standing Committee on IT Barker Center Plimpton Room

Identity & Access Management: Changes for FAS and Beyond. May 6, p.m. FAS Standing Committee on IT Barker Center Plimpton Room Identity & Access Management: Changes for FAS and Beyond May 6, 2015 12 p.m. FAS Standing Committee on IT Barker Center Plimpton Room Agenda The Vision for Harvard Identity & Access Management Business

More information

ELLUCIAN GO HOW-TO GUIDE

ELLUCIAN GO HOW-TO GUIDE ELLUCIAN GO HOW-TO GUIDE 03.31.17 CONTENTS GET THE ELLUCIAN GO APP... CHOOSE ACM AS YOUR SCHOOL... SIGN IN... ELLUCIAN GO MENU... REGISTER FOR COURSES... MY SCHEDULE... MY GRADES... MY FINANCIALS... ACADEMICS

More information

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES (POP)

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES (POP) INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES (POP) GALLAUDET UNIVERSITY Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant")

More information

Ontario College Application User Guide

Ontario College Application User Guide Ontario College Application User Guide 2018 / 2019 ontariocolleges.ca Research Colleges and Programs Visit ontariocolleges.ca/map for all campus locations Explore Colleges Go to ontariocolleges.ca/colleges

More information

Administrator s Guide

Administrator s Guide Administrator s Guide (January 2017) Welcome! You have been invited to manage the subscriber community who will be using this videoconferencing service within your organization. This guide will provide

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Submit Form Participant Name: Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative

More information

Ontario College Application User Guide

Ontario College Application User Guide Ontario College Application User Guide 2018 / 2019 ontariocolleges.ca Research Colleges and Programs Visit ontariocolleges.ca/map for all campus locations Explore Colleges Go to ontariocolleges.ca/colleges

More information

ArcGIS Online A Security, Privacy, and Compliance Overview. Andrea Rosso Michael Young

ArcGIS Online A Security, Privacy, and Compliance Overview. Andrea Rosso Michael Young ArcGIS Online A Security, Privacy, and Compliance Overview Andrea Rosso Michael Young ArcGIS Online A Multi-Tenant System Portal Portal Portal ArcGIS Online Agenda Online Platform Security Deployment Architecture

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Participant Name: University of Toronto Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert

More information

IAM Project Overview & Milestones

IAM Project Overview & Milestones IAM Project Overview & Milestones TABLE OF CONTENTS IAM PROJECT SUCCESS FACTORS 3 PROJECT SCOPE 3 IN SCOPE 3 OUT OF SCOPE 4 IAM NOW VS. FUTURE 5 IAM NOW 5 IAM IN THE FUTURE 7 IAM PROJECT END STATE 8 ACCESS

More information

FREE AJAX SUITE. User Guide FOR MAGENTO 2. Version: Release Date: Product Page: Ajax Suite. Support:

FREE AJAX SUITE. User Guide FOR MAGENTO 2. Version: Release Date: Product Page: Ajax Suite. Support: FREE AJAX SUITE FOR MAGENTO 2 User Guide Version: 1.2.0 Release Date: 19.09.2017 Product Page: Ajax Suite Support: info@tigren.com C O P Y R I G H T 2017 TABLE OF CONTENTS Installation. 1 Ajax Suite....2

More information

Access Guide for New Donor Connect Users

Access Guide for New Donor Connect Users Access Guide for New Donor Connect Users Donor Connect is Colorado State University s premier online donor portal to view and celebrate your individual giving story. To find the login option that s best

More information

Visit ontariocolleges.ca/map for all campus locations

Visit ontariocolleges.ca/map for all campus locations Visit ontariocolleges.ca/map for all campus locations 2017 / 2018 application opens at ontariocolleges.ca. 2017 / 2018 application data is sent to colleges. Applications received and paid for on or before

More information

Adobe Document Cloud esign Services. for Salesforce Version 17 Upgrade Guide

Adobe Document Cloud esign Services. for Salesforce Version 17 Upgrade Guide Adobe Document Cloud esign Services for Salesforce Version 17 Upgrade Guide 2015 Adobe Systems Incorporated. All Rights Reserved. Last Updated: August 25, 2015 Table of Contents Upgrading from a previous

More information

Identity and Access Management (IAM) Platform User Guide

Identity and Access Management (IAM) Platform User Guide Identity and Access Management (IAM) Platform User Guide July 2018 Copyright 2018 Exostar LLC. All rights reserved 1 Version Impacts Date Owner Identity and Access Management View Complete Email Address

More information

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in InCommon Federation ( Federation ) enables the participant to use Shibboleth identity attribute sharing technologies to manage access

More information

Accessing the Online Application

Accessing the Online Application Accessing the Online Application The online application is available in the onboard community. Prospective families must have a username and password in order to access the community. Admissions Managers

More information

Set Up and Manage Salesforce Communities

Set Up and Manage Salesforce Communities Set Up and Manage Salesforce Communities Salesforce, Spring 16 @salesforcedocs Last updated: April 28, 2016 Copyright 2000 2016 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark

More information

ArcGIS Enterprise Security: An Introduction. Randall Williams Esri PSIRT

ArcGIS Enterprise Security: An Introduction. Randall Williams Esri PSIRT ArcGIS Enterprise Security: An Introduction Randall Williams Esri PSIRT Agenda ArcGIS Enterprise Security for *BEGINNING to INTERMIDIATE* users ArcGIS Enterprise Security Model Portal for ArcGIS Authentication

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Participant Name: Royal Society of Chemistry Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they

More information

Inside Symantec O 3. Sergi Isasi. Senior Manager, Product Management. SR B30 - Inside Symantec O3 1

Inside Symantec O 3. Sergi Isasi. Senior Manager, Product Management. SR B30 - Inside Symantec O3 1 Inside Symantec O 3 Sergi Isasi Senior Manager, Product Management SR B30 - Inside Symantec O3 1 Agenda 2 Cloud: Opportunity And Challenge Cloud Private Cloud We should embrace the Cloud to respond to

More information

User Management. Juan J. Doval DEIMOS SPACE S.L.U. NextGEOSS, September 25 th 2017

User Management. Juan J. Doval DEIMOS SPACE S.L.U. NextGEOSS, September 25 th 2017 User Management Juan J. Doval DEIMOS SPACE S.L.U. NextGEOSS, September 25 th 2017 Agenda Introduction User Management Federation Objectives 1 Introduction NextGEOSS High-Level Architecture DataHub harvest

More information

Creating and Using Your FSA ID: An Overview

Creating and Using Your FSA ID: An Overview Creating and Using Your FSA ID: An Overview Topics Covered What is the FSA ID? Do my parents need an FSA ID? How do I create an FSA ID? Where can I use my FSA ID? What to Do I Forgot My Username or Password

More information

The Four A s of Access A practical guide to auditing an access process.

The Four A s of Access A practical guide to auditing an access process. The Four A s of Access A practical guide to auditing an access process. Ken Heskett, University of Michigan Objectives Understand access-related terminology and how you can use this information to help

More information

Enhanced OpenID Protocol in Identity Management

Enhanced OpenID Protocol in Identity Management Enhanced OpenID Protocol in Identity Management Ronak R. Patel 1, Bhavesh Oza 2 1 PG Student, Department of Computer Engg, L.D.College of Engineering, Gujarat Technological University, Ahmedabad 2 Associate

More information

Your Auth is open! Oversharing with OpenAuth & SAML

Your Auth is open! Oversharing with OpenAuth & SAML Your Auth is open! Oversharing with OpenAuth & SAML Andrew Pollack Northern Collaborative Technologies 2013 by the individual speaker Sponsors 2013 by the individual speaker Who Am I? Andrew Pollack President

More information

Contents Using the Primavera Cloud Service Administrator's Guide... 9 Web Browser Setup Tasks... 10

Contents Using the Primavera Cloud Service Administrator's Guide... 9 Web Browser Setup Tasks... 10 Cloud Service Administrator's Guide 15 R2 March 2016 Contents Using the Primavera Cloud Service Administrator's Guide... 9 Web Browser Setup Tasks... 10 Configuring Settings for Microsoft Internet Explorer...

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Participant Name Wilfrid Laurier University Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they

More information

Security Guide Zoom Video Communications Inc.

Security Guide Zoom Video Communications Inc. Zoom unifies cloud video conferencing, simple online meetings, group messaging, and a softwaredefined conference room solution into one easy-to-use platform. Zoom offers the best video, audio, and wireless

More information

Access Management Handbook

Access Management Handbook Access Management Handbook Contents An Introduction 3 Glossary of Access Management Terms 4 Identity and Access Management (IAM) 4 Access Management 5 IDaaS 6 Identity Governance and Administration (IGA)

More information

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity

More information

APS Mobile App Frequently Asked Questions

APS Mobile App Frequently Asked Questions How much does the APS Mobile App cost to download? The APS Mobile App is free to download! How do I install the APS Mobile App? Android Device: 1. Visit the Google Play Store 2. Search for Atlanta Public

More information