Table of Contents

Situation

Table of Contents

Situation

Microsoft has published a new Azure AD document outlining the challenges, baseline design and solutions for multilateral federation that highlights the Cirrus Identity SAML Bridge as the first solution. Multilateral federation facilitates collaboration across multiple organizations around the world and it is a critical component to Identity and Access Management architecture in higher education and research. When an institution joins an eduGAIN national federation, they gain access to over 5,000 applications. Azure AD does not support multilateral federation, but there are solutions available to fill the gap.  

InCommon and Azure AD - The Multilateral Federation Challenge

Multilateral federation facilitates collaboration across multiple organizations around the world. InCommon, CAF, UK Federation and all eduGAIN federations utilize multilateral federation. It is a critical component to Identity and Access Management architecture in higher education and research. Azure AD does not support multilateral federation natively, but there are solutions available to fill the gap.

Federaciones multilaterales y Azure AD - El reto

Las Federaciones multilaterales facilitan la colaboración en varias organizaciones de todo el mundo. Es un componente fundamental para la arquitectura de gestión de identidades y acceso en la educación superior y en investigación. Azure AD no es compatible con la federación multilateral de forma nativa, pero hay soluciones disponibles para llenar el vacío.

An Identity Registry is a system which registers and maintains information about entities of interest to the organization operating the registry, and to make this information available to other systems. This definition comes from the Identity Registries Team in the now-retired CIFER (Community Identity Framework for Education and Research) group organized by Internet2.

The concept of an Identity Registry is not new, though the language describing it tends to be unique to Higher Education. 

In identity management, a System of Record is an authoritative source for data about user or other entity. At many higher education institutions, the System of Record is the starting point for creating a directory of users including students, staff, and other people associated with the institution.

Identity Management (also known as Identity and Access Management, or IAM) is a set of systems and processes for managing how people in an organization authenticate themselves to IT systems and what resources they can access. Identity management is usually undertaken by IT staff specialising in user management and security.