How To Set Up Attributes in the Cirrus Bridge Enterprise Application When Different Service Providers Have Different Attribute Requirements
Typically, the default Cirrus Bridge is configured to release at least the attributes to satisfy the Research and Scholarship, REFEDS Research and Scholarship category, requirements for access to popular InCommon Service Providers (SPs) like NIH and EDUCAUSE.
Frequently, customers need to add additional attributes to satisfy different SP requirements. The preference is to add these attributes to the default Cirrus Bridge attribute release. SPs that do not require an attribute will ignore them in the assertion.
Occasionally, there are use cases where customers want to avoid releasing the additional attributes by default. Here are a few common reasons for this:
• The values for the attribute may be sensitive and require use only on an as-needed basis.
• An SP may require a different format or type of value for an already defined default attribute like NameID.
• An SP may require the attribute release to be encrypted.
• An SP may have access restricted to a specific group of users that differs from default.
The Cirrus Bridge can meet these use case requirements using its Conditional Access feature. Conditional Access allows the Cirrus Bridge to determine which attributes should be released based on which downstream Service Provider is making the request, giving customers the flexibility to meet unique SP authentication requirements. The Cirrus Bridge responds in near real time to the changes a customer makes to the Cirrus Bridge enterprise application in their IdP. This eliminates configuration or coordination with Cirrus Support. This gives the customer granular control over attribute release, access assignment, and other access controls from within either the Entra ID or Okta administrative portals.
For more information on how to configure attribute releases using Cirrus Bridge Conditional Access, watch our Cirrus Bridge: Conditional Access video below.
Check out more Bridge documentation here:
Also, reference the Cirrus Identity’s YouTube channel for more product and customer implementation videos: https://www.youtube.com/@cirrusidentity
As always, feel free to contact support@cirrusidentity.com if you have any questions or sales@cirrusidentity.com for more product information.