InCommon is operated by Internet2


About            Participants            Join InCommon


Join InCommon

Federation Manager Login

Supporting Collaboration

Resources for Site Admins

Password Reset

Changing Exec/Site Admin

Baseline Expectations for Trust in Federation

InCommon Security Incident Handling Framework

InCommon Metadata

Official Documents


Case Studies

Federation Basics

Internet2 Industry Program - Trust and Identity Solution Providers

News from the Federation

Information for InCommon Site Administrators

The Administrative Contact is responsible for submitting all metadata, certificate signing requests, and Participant Operating Practices (POP) URLs to the InCommon Federation.

InCommon Participant Operating Practices (POP)

Each participant's POP (Participant Operating Practices) outlines its Identity Management and/or Service system(s). Service Providers will use the POP to determine their level of trust for assertions from each participant. Identity Providers will evaluate each Service's privacy policies and attribute collection and use policies.

The InCommon participation agreement requires each IdP and SP to publicly post its POP on its website, and to include a link to that POP in the metadata. Site administrators can add the link by logging into the administrative interface (also known as the Federation Manager).

A sample POP is available in three formats: HTML, Word, and PDF.

Number of Site Admins

Each organization designates up to two (2) site administrators. Requests to add/change site admins must come from your organization's InCommon executive.

Password Reset

If you have forgotten your password, use our automated two-factor password reset. A detailed description is on the wiki, and you can watch a one-minute video demo.

Software Guidelines and Protocol Support

InCommon publishes information about supported software and protocols.

Metadata Submission

InCommon signs metadata every weekday afternoon (M-F) at 2:30 p.m. (Eastern time), except for certain holidays and other occasions.

For information on metadata submission, and the metadata required of both identity management systems (Identity Provider) and online resources (Service Provider), please see the metadata page.


InCommon accepts self-signed certificates. You can view this wiki page for more information on self-signed certs.

Shibboleth Recommendation - New Deploys

InCommon strongly recommends that all new participants planning to use Shibboleth Federated Single Sign-on Software install and deploy the latest version of the software. The Shibboleth project wiki provides installation and configuration documentation. Support comes through the Shibboleth users email list (users AT shibboleth DOT net), although it is recommended to search the list archives to see if your question has been previously answered. Subscribe to the list by sending email to users-subscribe AT shibboleth DOT net.

Getting Help

Commonly sought information from the InCommon web:

The InCommon Collaboration wiki provides recommended practices and space for InCommon collaboration groups.

Internet2 Trust and Identity solution providers can help with software, content, guidance, support, and implementation and integration services related to participating in the federation.

InCommon is a community-driven service. The InCommon Participants email list (participants AT incommon DOT org) provides a place to pick the brains of your fellow participants.

Copyright 2004-2018 InCommon LLC. All rights reserved. InCommon is operated by Internet2.