University of Notre Dame
University Access to InCommon Services with Okta
Single Sign-On
InCommon / eduGAIN
Summary
The Cirrus Bridge quickly connected Okta to InCommon services and provided Notre Dame users a consistent and intuitive login experience.
Business Challenge
The University of Notre Dame had hundreds of applications using CAS for Web Single Sign-On and SAML (via Shibboleth) for InCommon federated applications.
To support a cloud-first strategy, Notre Dame chose Okta as its primary Identity Management solution.
The Okta Identity solution had 2 gaps:
- Didn’t integrate with the InCommon trust federation
- Didn’t support applications using CAS
The conversion of the Notre Dame CAS applications to use SAML and the newly purchased Okta Identity Solution was anticipated to take over 2 years.
Notre Dame needed a solution to speed up the migration.
Project Goals
Maintain access to InCommon services and implement Okta on an expedient timeline.
Support over 100 CAS authenticated applications and give the IAM team time to migrate them to SAML.
How Cirrus Helped
The University of Notre Dame used the Cirrus Identity Bridge solution to fill the gaps with Okta. This allowed them to implement quickly and begin realizing savings on legacy infrastructure and support.
The Cirrus Federation Bridge supports multi-lateral federations required by InCommon and eduGAIN, allowing Notre Dame to migrate to Okta and still maintain access to InCommon services.
The Cirrus CAS Bridge enabled SSO via Okta to over 100 CAS-enabled applications so that Notre Dame could expedite making Okta their Identity Provider.
The Bridge service maps attributes (first name, last name and eduPersonPrincipalName) from Notre Dame’s Okta instance into the format expected by InCommon and CAS applications.
From a technical perspective, the Bridge acts as an Identity Provider to Service Providers in InCommon and as a Service Provider to Okta at Notre Dame.
Cirrus provided expert guidance and over 150 Service Provider integrations were configured and tested over a few months. The actual migration was handled via a simple DNS change on the cutover weekend.
Notre Dame Login
Notre Dame users saw no change in their login screen!
Impacts
"Cirrus was fantastic and very flexible in thinking about ways to execute the solution."
John Schrader, Cloud Engineering Specialist
Faster Implementation & Cost Savings - Allowed Notre Dame to quickly benefit from their investment in Okta, retire the local SAML IdP deployment and retire their CAS infrastructure in a phased approach, independent of the Okta go-live timeline.
Minimize User Impact - Maintained access to CAS authenticated applications and InCommon services and enabled a "big bang" cutover with minimal downtime - only the time it takes for campus DNS servers to refresh.
"It was a top priority to shorten the implementation time frame."
Michele Decker, Manager, IAM Services
Cirrus Products Used
InCommon Bridge & DNS Add-On
Extends or translates CAS/SAML for use with Microsoft AzureAD, Okta, Slate or other enterprise services to support InCommon/eduGAIN mesh-style federation.
CAS Bridge
Translates CAS/SAML for use with Microsoft AzureAD, Okta, Slate or other enterprise services.