Customer Success Use Case

Cégep de Trois-Rivières

University Access to Canadian Access Federation Services

Cirrus InCommon & eduGAIN

InCommon / eduGAIN

Description Goes Here

Summary

The Cirrus Bridge federation adapter for Microsoft AzureAD enabled a quick connection to services provided through the Canadian Access Federation

Business Challenge

The faculty at Cégep de Trois-Rivières wanted to use the plagiarism identification software Compiliatio that is provided through the Canadian Access Federation (CAF) and eduGAIN.  However, AzureAD does not natively support multi-lateral federation required.  To enable use of Compiliatio and be ready for other CAF/eduGAIN service integrations in the future, Cégep de Trois-Rivières needed the Cirrus Bridge, a federation adapter, to support multi-lateral federation.  


Since this was Cirrus’ first CAF implementation, Cirrus needed to configure multi-national inter-federation access controls with CAF, GÉANT and InCommon.

Project Goals

white_cloud

Setup AzureAD to connect to Canadian Access Federation (CAF) to enable the use of Compiliatio
white_cloud

Partner with IAM professionals so the small IT team at Cégep de Trois-Rivières could focus on other priorities
white_cloud

Provide an intuitive and transparent login experience for faculty through the AzureAD login screen.  No training required for users - they see the screen they know and trust
white_cloud

Enable MFA configuration in AzureAD to enforce future mandatory requirements for 2-factor authentication to services/applications
white_cloud

Incrementally add CAF SPs prioritized by the campus
white_cloud

Utilize cloud hosting to minimize ongoing administration

How Cirrus Helped

First, Cirrus worked with the Canadian Access Federation (CAF) and the Canadian Microsoft teams to establish a registration for Cégep de Trois-Rivières with CAF.  Now that Cirrus has established the first customer registration with the CAF, future integrations for other Canadian higher education institutions will be streamlined.

Cirrus and Cégep de Trois-Rivières then identified the attributes to assert for authentication with Compiliatio and navigated the France Connect (France Access Federation) and InCommon attribute usage to support multi-federation integrations.  

The Cirrus Bridge was easily configured in Azure AD and the faculty can access Compiliatio by entering their Cégep de Trois-Rivières account and password in the AzureAD login screen they are accustomed to seeing.  No end user training was required.

After the Bridge was implemented, Cégep de Trois-Rivières administrators were able to quickly configure MFA and new conditional access in AzureAD.  This was used to enforce a requirement that all users must be in Canada for access to login.  The requirement was easily implemented since all SPs are behind the Cirrus Bridge and managed through AzureAD.  The Cégep de Trois-Rivières team is now in a good position to address future security requirements and utilize dynamic monitoring for all services/applications - including those provided through CAF/eduGAIN.

Login Screens

compilatio_login
Cegep-TR-Login

Impacts

"We didn’t have the time to implement Shibboleth and were happy not to. Good possibilities without the hassle. We can react to new security requirements - easy, fast and compliant."

Billy Angers, Chargé de projet TI
blue_cloud

Intuitive User Experience - Faculty use the same login screen and their own credentials!
blue_cloud

Reduced IT Staff Labor - Staff do not have to learn, implement and maintain Shibboleth.  With the labor savings, they can focus on top priorities!
blue_cloud

Faster Solutions for Federation - The Bridge extended AzureAD now Cégep de Trois-Rivières can leverage more CAF services.
blue_cloud

Security - Security requirements can be configured once and uniformly enforced.

"We had heard positive feedback on Cirrus and were happy to have you on our side. We started with a good first impression and increased our confidence through the project. Future projects are now easier and faster. "

Maxime Laroche, Analyste informatique

Cirrus Products Used

CirrusIdentityBridge

Bridge

Extends or translates CAS/SAML for use with Microsoft AzureAD, Okta, Slate or other commercial services to support InCommon/EduGAIN/CAF mesh style federation.

See more

High Level Architecture

CegepTR-Architecture-1

Cégep de Trois-Rivières

Cegep-TR-Logo

4,000+

Academic Students

2,000+

Continuing Education Students

42

Tracks