Policy for Accepting Federated IdPs

Identities from external providers may be used for access to applications with baseline authentication needs, i.e., without requirements for a higher level of assurance such as multi-factor authentication or face-to-face identity vetting. Only one account per IdP can be bound to a user's NCSA identity. The default for a resource is to only access NCSA identities, and approval is needed from the CISO to allow the use of linked identities. NCSA resources may choose from the following valid supported identity providers:

  • identity providers in the InCommon (incommon.org) federation, including research and education providers in the United States and international providers from eduGAIN (edugain.org) member federations.
  • open access identity providers: Google (accounts.google.com), GitHub (github.com), and ORCID (orcid.org)
  • identity providers operated by NCSA industry partners

Using a Federated IdP does not exempt a system from the NCSA MFA requirements above.

Support for a higher level of assurance from external identity providers requires custom configuration. Contact help+idp@ncsa.illinois.edu for assistance with higher level of assurance use cases. Changes to the list of acceptable federated IdPs are approved by the CISO.

...