Single Sign-On and Multifactor Coming for InCommon Certificate Service
A pilot involving several InCommon Certificate Service subscribers continues, testing the use of single sign-on (SSO) and multifactor authentication (MFA) to log in to the Comodo Certificate Manager. This is a feature that has long been requested and was one of the top most-desired items on the survey conducted last year.
Rather than use credentials provided by Comodo, those who administer certificates on campus (both RAOs, or Registration Authority Officers as well as DRAOs, or Departmental Registration Authority Officers) will use their InCommon federated credentials for single sign-on. In addition, RAOs will leverage their local multifactor authentication process to secure their logins. The benefits of this approach include:
- The InCommon Certificate service is used by organizations as their basis of internal and external trust. Protecting access with MFA reduces the likelihood of stolen credentials.
- MFA-protected SSO increases security by leveraging protected campus credentials that RAOs already use in their local context to access higher security services.
This security enhancement will leverage the REFEDS Multi-Factor Authentication Profile that allows service providers to signal the need for, and Identity providers to signal the use of, multifactor authentication. The profile is maintained by the international Research and Education Federations (REFEDS) organization comprised of more than 40 national federations (including InCommon).