InCommon is operated by Internet2


About            Participants            Join InCommon


Join InCommon

Federation Manager Login

Supporting Collaboration

Resources for Site Admins

Password Reset

Changing Exec/Site Admin

Baseline Expectations for Trust in Federation

InCommon Incident Handling and Reports

InCommon Metadata

Official Documents


Case Studies

Federation Basics

InCommon Federation Basics

InCommon serves the U.S. education and research communities, supporting a common framework for trusted shared management of access to on-line resources. Through InCommon, Identity Providers can give their users single sign-on convenience and privacy protection, while online Service Providers control access to their protected resources.

A federation, through its trust agreements and federating software, allows identity providers to manage user privacy and information exchange. Service providers no longer need to provision identity accounts, instead leveraging the identity provider’s identity system.

InCommon enables production-level end-user access to a wide variety of protected resources using standards-based, SAML-compliant single sign-on and federating software, such as Shibboleth®.

How InCommon Works

See a larger version of the graphic

InCommon's value is based on federated identity management

A user clicks on a Service Provider’s resource. Using federating single sign-on software, the user is authenticated by his or her Identity Provider, which releases only enough identity data to allow the Service Provider to make an access decision.

The Service Provider uses the minimum identity information necessary to control access to the resource.

InCommon participants could spend time establishing operating principles, technology hooks, and agreed-upon data exchange elements with each partner; or they could do it once through InCommon and then leverage these common elements for many relationships.

Additional background information

InCommon Case Studies

Return on Investment: The Swedish virtual organization SWAMI (Swedish Alliance for Middleware Infrastructure) has demonstrated how federated identity management can lower the costs of identity proofing [PDF]. In addition to the write-up, SWAMI has provided a spreadsheet used to determine the per-student cost [XLS] of identity proofing.

Ready the Pipes: A Campus Technology report on why now is the time to get your identity management infrastructure in place - and federating is a key part of that strategy.

Copyright 2004-2018 InCommon LLC. All rights reserved. InCommon is operated by Internet2.