Federated Identity Management
What is Identity Management (IDM)?
The University of Georgia’s Identity Management (IDM) team is responsible for identifying individuals and their various relationships to the University, such as student, faculty and staff. The attributes related to these relationships determine an individual’s appropriate access to University systems and services.
IDM also provides a single, authoritative source for identity data at the University.
IDM is responsible for managing UGA MyIDs, which are the usernames for all students, faculty, staff and verified partners, such as contractors and vendors.
What is Identity Federation?
Identity Federation is a single sign-on (SSO) service that allows users to gain access to multiple applications across organizations with the same credential, such as a MyID and password.
Identity Federation is a partnership between an identity provider and another organization to provide a secure and efficient means for individuals to access online resources.
A number of commercial websites use Identity Federation to allow users to log in to their services. For example, Pinterest allows its users to log in to their account with their Facebook credentials.
How Does Identity Federation Work?
With Identity Federation, when a user tries to access a federated partner’s online resources that require authentication, the user’s primary organization, such as UGA, authenticates that person by sending an approval to the federated partner. Identity data remains with the primary organization, such as UGA, instead of being spread across multiple organizations. This reduces the risk of security incidents in a federated partnership.
What Are the Benefits of Using Identity Federation?
By using Identity Federation with approved partners, UGA students, faculty and staff can access additional resources with other organizations by authenticating with their MyID and password. This may be especially helpful for researchers conducting work with non-UGA collaborators at other institutions.
Identity Federation offers convenience for users and standards-based identity management practices between partners.
How is UGA Implementing Identity Federation?
To support Identity Federation, EITS implemented the SAML (Security Assertion Markup Language) protocol and uses the InCommon identity trust fabric.
The implementation uses UGA’s existing Central Authentication Service (CAS) for users to provide their MyID and password for authentication to services.
UGA has additional information on its participation as an InCommon organization.
How Do I Request Registration of a Third-Party Application Using Identity Federation?
UGA faculty and staff can submit a request to register third-party sites and applications in UGA’s Federated Identity Provider. This allows access to those sites using UGA MyID user names and passwords. It is recommended that important sites and applications also be included in the UGASSO system to ensure ongoing support if UGA experiences issues with the Federation provider.
Once a request has been submitted, the IDM team will review it and contact the applicant.