The University of Georgia’s Identity Management (IDM) team is responsible for identifying individuals and their various relationships to the University, such as student, faculty and staff. The attributes related to these relationships determine an individual’s appropriate access to University systems and services.
IDM also provides a single, authoritative source for identity data at the University.
IDM is responsible for managing UGA MyIDs, which are the usernames for all students, faculty, staff and verified partners, such as contractors and vendors.
Identity Federation is a single sign-on (SSO) service that allows users to gain access to multiple applications across organizations with the same credential, such as a MyID and password.
Identity Federation is a partnership between an identity provider and another organization to provide a secure and efficient means for individuals to access online resources.
A number of commercial websites use Identity Federation to allow users to login to their services. For example, Pinterest allows its users to login to their account with their Facebook credentials.
With Identity Federation, when a user tries to access a federated partner’s online resources that require authentication, the user’s primary organization, such as UGA, authenticates that person by sending an approval to the federated partner. Identity data remains with the primary organization, such as UGA, instead of across multiple organizations. This reduces the risk of security incidents in a federated partnership.
By using Identity Federation with approved partners, UGA students, faculty and staff can access additional resources with other organizations by authenticating with their MyID and password. This may be especially helpful for researchers conducting work with non-UGA collaborators at other institutions.
Examples of Identity Federation services for UGA students, faculty and staff include the DMPTool.
Identity Federation offers convenience for users and standards-based identity management practices between partners.
To support Identity Federation, EITS implemented SAML (Security Assertion Markup Language) protocol and uses the InCommon identity trust fabric.
The implementation uses UGA’s existing Central Authentication Service (CAS) for users to provide their MyID and password for authentication to services.
UGA faculty and staff can submit a request to register third-party sites and applications in UGA’s Federated Identity Provider. This allows access to those sites using UGA MyID user names and passwords.
Once a request has been submitted, the IDM team will review it and contact the applicant.