InCommon Roles
InCommon Roles and How to Change Them
Here are the official roles related to InCommon Federation, the Certificate Service, and eduroam. To change them, scroll ALL THE WAY DOWN to the bottom of the page.
General Roles
- InCommon Executive: The InCommon Executive represents the participant organization regarding all decisions and delegations of authority for the responsibilities of InCommon Participants, including but not limited to all relevant federation and certificate services. This includes payment of invoices and assigning any person in the Site Administrator role (see below) for the InCommon Federation and as a Registration Authority Officer (RAO) for the InCommon Certificate Service. The InCommon Exec is authorized as such in the InCommon participation agreement or by succession from the originally named executive. The InCommon Exec will typically be filled by a CIO, VP of IT, or other senior administrative officer responsible for the organization’s information technology assets.
NOTE: We will need to schedule a short phone call with the new InCommon Executive to verify your organization’s official Site Administrators and RAO’s and to answer any questions. This verification is required per our Metadata Registration Practices Statement to help us maintain trust and security in all we do.
Federation roles
- Site Administrator: The Federation Site Administrator serves as the participating organization’s primary registrar. The administrator is responsible for registering and maintaining the policies and technical data related to the organization’s participation in the InCommon Federation, including submitting any Identity Provider and/or Service Provider metadata and associated certificates. The administrator is assigned by the participating organization’s designated executive. Each InCommon participant can have up to two Federation Site Administrators.
- Delegated Site Admin: This is a role created and managed by a Site Administrator to delegate the responsibility of metadata management for one or more Service Provider entities. A Delegated Site Admin manages metadata that, once submitted, will need to be approved by a regular Site Admin prior to review and approval by InCommon. Password resets and management of DSA’s is done by the organization’s Site Admins, not InCommon.
Certificate Services roles
- MRAO (Master Registration Authority Officer): Due to the unique architecture of the InCommon platform within the Sectigo Certificate Manager, the MRAO role is reserved for staff at InCommon. Though you will see many references to actions that can be taken by an MRAO in the documentation, please note that your campus does not have this role.
- RAO (Registration Authority Officer): The Certificate Service RAO has privileges to request and manage certificates for domains owned and controlled by that person’s organization. RAOs can also create departments and can request or approve the creation of DRAOs (Department Registration Authority Officers). Each InCommon participant can have up to three RAOs.
- DRAO (Department Registration Authority Officer): A DRAO is created and managed by an RAO to perform certificate duties scoped to a particular sub-domain or domain as defined by the organization’s RAO’s. Password resets and management of DRAO’s rights and privileges, and other administrative settings are handled by the organization’s RAO’s, not InCommon.
eduroam roles
- eduroam Administrator: Each eduroam Admin has an account in the eduroam Federation Manager to add/edit/remove contact info, make changes to configurations, location information, etc. eduroam Admins can add and manage other eduroam Admins
- Support Contact: This should be a contact where your users can get help connecting to eduroam. Preferably a group, published on maps and exported to eduroam.org where it can be displayed on the eduroam companion.
- Report Contact: This should be a contact to receive your monthly/semi-annual/yearly reports.
eduroam Admins can change any of the roles above by logging into the eduroam Federation Manager.
Role Change Web Form
Not sure which roles you have or need to change? Check our Community page to see which services you’re subscribed to.
Change Roles for My Organization
