...
The security team must have a method to perform real-time queries against authorization and authentication logs, for both failed and successful attempts. These logs must contain information on authentication or authorization events to determine time, target system, account used, and source host. Other information may be required to support the non-security, business needs of the Center.
Federated & External Identity Providers
Exporting NCSA Identities
NCSA supports Shibboleth and OpenID Connect/OAuth services to allow other organizations to securely use NCSA identities. New interfaces to NCSA IdM services must be approved by the IIB before being added.
Privacy
Information Collected
...
Support for higher level of assurance from external identity providers requires custom configuration. Contact help+idp@ncsa.illinois.edu for assistance with higher level of assurance use cases. Changes in the list of acceptable federated IdPs is approved by the CISO.
Exporting NCSA Identities
NCSA supports Shibboleth and OpenID Connect/OAuth services to allow other organizations to securely use NCSA identities. New interfaces to NCSA IdM services must be approved by the IIB before being added.
...
Exceptions Process
There are exceptions and special cases to any policy. Requests for exceptions should be made to the NCSA Security Office and may be approved by either that office or the NCSA Director's Office.
...