For years, identity governance and identity management in higher education have been shaped by relatively stable assumptions about workforce and student lifecycles. Workforce identities follow predictable employment patterns. Student identities progress from applicant to enrolled to alumni along well-understood paths. Governance models, access management tools, and authentication policies evolved to support these populations at scale.
Rethinking Governance as External Identities Scale
Topics: Identity and Access Management, Identity Lifecycle Management, External
When Slate Credentials Aren’t Enough: Hidden IAM Costs
Topics: Higher Education, SAML, Federated Identity Management, Identity and Access Management, Identity Lifecycle Management, Slate, Identity Architecture
Multilateral Federation IAM Online Webinar Q&A
Topics: Webinars, Federated Identity Management, Identity and Access Management
Multilateral Federation Solutions by Microsoft
Microsoft has published a new Azure AD (Entra ID) document outlining the challenges, baseline design, and solutions for multilateral federation, highlighting the Cirrus Identity SAML Bridge as the first solution. Multilateral federation facilitates collaboration across multiple organizations around the world, and it is a critical component of Identity and Access Management architecture in higher education and research. When an institution joins an eduGAIN national federation, it gains access to over 5,000 applications. Entra ID does not support multilateral federation, but there are solutions available to fill the gap.
Topics: SAML, Identity and Access Management, Entra ID
An Identity Registry is a system that registers and maintains information about entities of interest to the organization operating the registry, and makes this information available to other systems. This definition comes from the Identity Registries Team in the now-retired CIFER (Community Identity Framework for Education and Research) group organized by Internet2.
The concept of an Identity Registry is not new, though the language describing it tends to be unique to Higher Education.
In identity management, a System of Record is an authoritative source for data about a user or other entity. At many higher education institutions, the System of Record is the starting point for creating a directory of users, including students, staff, and other people associated with the institution.
Topics: Higher Education, Identity and Access Management, Learning Center