The Bridge from Cirrus Identity addresses both Okta limitations: it provides the mesh-style federation required by InCommon and the CAS-to-SAML protocol translation required by key applications.
The Bridge securely consumes InCommon metadata, and supports the registration of a single SAML Identity Provider endpoint for participation in the federation.
The Cirrus Bridge functions as an application within Okta. Cirrus provides step-by-step instructions and guidance to the Okta Administrator to quickly configure the Bridge within the Okta Portal. It requires only a few parameters provided by Cirrus Identity to define a new application to point to the Cirrus Bridge.
The implementation started with an initial assessment of CSUMB’s environment. The assessment identified that a dedicated Bridge was needed to support the network and security constraints of CSUMB’s large CAS administrative applications. A dedicated CAS Bridge was deployed for those applications, and a general-purpose Bridge was deployed for InCommon and other CAS service providers. The separate bridges also allowed the deployments to take place at separate times. The administrative Bridge was deployed first, in a carefully scheduled deployment window coordinated with the associated applications, which allowed downtime to be minimized. The separate deployments also enabled CSUMB administrators to apply separate policies within Okta, so each Bridge instance can have different user and MFA requirements.
After the initial setup, service providers published in InCommon metadata are accessible, provided sufficient attributes are released. Since CSUMB had already registered an IdP with InCommon, the certificates and DNS name were transferred to the general-purpose Bridge. This made the change transparent to the InCommon federation. Configuration of non-InCommon or CAS service providers, as well as configuration of attribute release, is made by contacting Cirrus Support. In the future, these will be self-service capabilities in the Cirrus Administration Console.
The Bridge saves customers the time and effort they would need to maintain comparable solutions themselves. Cirrus Identity also brings many years of InCommon and CAS experience to help customers quickly deploy to production.
As with many successful IT projects, after the implementation of the Bridge, the end users did not notice a change. An individual can start the day logging into GSuite using Okta and then seamlessly access an InCommon federation application. When an end user sees a login screen, it is always the same one.