Identity Federation Modernization Roadmap

The identity federation modernization roadmap provides transparency regarding the ongoing initiatives affecting our system identity federation.

Program Objectives

The identity federation modernization strategy is a collective effort to achieve the following outcomes:

Disseminate identity, credential and access management (ICAM) responsibility to system members and trusted third parties (e.g., ID.me)

System members are best positioned to validate the identity of their active users (students, faculty, staff, contractors, and other affiliates). Effective ICAM makes the most sense when administered at this level.

Deprecate the system-level centralized identity stores used for authentication (e.g., TAMUS UIN)

Transferring ICAM to the member and trusted third-party level allows the A&M System to deprecate legacy username/password identity and authentication systems, reducing the attack surface, management overhead, and cost associated with administering multi-factor authentication for large constituencies of users from across the system.

Leverage the leading research and education authentication federation--InCommon--to provide multi-lateral identity federation for the A&M System

The InCommon Federation has a robust infrastructure purpose-built to support research and education institutions engaging in federated identity transactions with other R&E institutions. Its self-service provisioning and management, together with dedicated support from Internet2, provide a resilient identity federation to support the A&M System for years to come.

Roadmap

TAMUS SSO Institution Login

Enable system members to use institutional SSO when accessing the TAMUS shared services portal (TAMUS SSO).

Plan
Pilot
Operate
Scale
Deprecate
FY24
Operate
Add member IdP metadata to TAMUFederation
Done
FY25
Scale
Transition active faculty and staff from UIN to institution login
Done
Depends on: FY24
FY27
Deprecate
Current
Deprecate UIN login for all users
Planned
Depends on: FY25, FY26 Q3

TAMUS SSO adoption of ID.me

Adopt ID.me for member affiliates--pre-hires, retirees and beneficiaries.

Plan
Pilot
Operate
Scale
Deprecate
FY25
Plan
Integrate ID.me as an authentication source for TAMUS SSO
Done
FY26 Q1
Pilot
Current
Select members to pilot use of ID.me for pre-hires and retirees
In progress
FY26 Q3
Scale
Roll out ID.me availability to remaining system members
Planned
FY27
Deprecate
Deprecate UIN login for affiliates
Planned

Transition TAMUFederation to InCommon Federation

Replace the TAMUFederation metadata aggregate as the system's identity federation with the InCommon Federation.

Plan
Pilot
Operate
Scale
Deprecate
FY26 Q1
Plan
Current
Enroll system member IdPs in InCommon Federation
Slipped
FY26 Q1
Pilot
Current
Pilot member InCommon authentication with Cyber applications
In progress
FY26 Q2
Pilot
Test InCommon Federation metadata with TAMUS SSO Dev/Test
Planned
Depends on: FY26Q1.1
FY26 Q3
Operate
Transition member SSO buttons to InCommon Federation IdPs
Planned
FY26 Q4
Deprecate
Deprecate TAMUFederation for TAMUS SSO
Planned
Depends on: FY26 Q3

Adopt InCommon Baseline Expectations

Replace the TAMUFederation metadata aggregate as the system's identity federation with the InCommon Federation.

Plan
Pilot
Operate
Scale
Deprecate
FY27
Operate
Raise member awareness to adopt InCommon Baseline Expectations
Planned