Identity Federation Modernization Roadmap
The identity federation modernization roadmap provides transparency regarding the ongoing initiatives affecting our system identity federation.
Program Objectives
The Identity Federation Modernization Strategy is a coordinated enterprise initiative designed to strengthen assurance, reduce systemic risk, and modernize authentication across the Texas A&M University System.
The program advances three core objectives.
🏛 Decentralize ICAM to Members and Trusted Providers
Identity, Credential, and Access Management (ICAM) responsibilities are best executed closest to the source of truth.
System members are optimally positioned to validate and manage the identities of:
- Students
- Faculty
- Staff
- Contractors
- Affiliates
Where appropriate, trusted third-party providers (e.g., ID.me) may support assurance workflows.
Decentralizing ICAM:
- Improves identity accuracy and accountability
- Aligns authentication with local business processes
- Reduces dependency on system-level credential management
- Strengthens overall identity assurance posture
🗂 Retire Legacy Centralized Authentication Stores
Modern federation reduces the need for system-level centralized identity stores used solely for authentication purposes (e.g., TAMUS UIN-based username/password systems).
Transitioning ICAM responsibilities to members and trusted providers enables the system to:
- Deprecate legacy authentication platforms
- Reduce enterprise attack surface
- Eliminate large-scale credential repositories
- Lower MFA administration overhead
- Decrease long-term operational cost
This objective reflects a deliberate shift away from broad centralized credential aggregation toward distributed, standards-based identity trust.
🌐 Leverage InCommon for Multi-Lateral Federation
The strategy leverages the InCommon Federation as the authoritative trust framework supporting multi-lateral identity transactions.
InCommon provides:
- Purpose-built federation infrastructure for higher education
- Standardized metadata and trust frameworks
- Self-service provisioning and lifecycle management
- Dedicated operational and security support from Internet2
- Long-term sustainability aligned to the research and education (R&E) community
Adopting InCommon as the primary federation backbone ensures:
- Interoperability with national academic partners
- Secure cross-institutional collaboration
- Reduced need for bilateral authentication agreements
- A resilient federation model designed for long-term viability
Strategic Outcome
Collectively, these objectives transition the Texas A&M University System from legacy centralized authentication models to a modern, federated, standards-driven identity ecosystem — preserving member autonomy while strengthening enterprise-wide security.
Roadmap
TAMUS SSO Institution Login
Enable system members to use institutional SSO when accessing the TAMUS shared services portal (TAMUS SSO).
TAMUS SSO Adoption of ID.me
Adopt ID.me for member affiliates: pre-hires, retirees, and beneficiaries.
Transition TAMUFederation to InCommon Federation
Replace the TAMUFederation metadata aggregate with the InCommon Federation as the system's identity federation.
Adopt InCommon Baseline Expectations
Replace the TAMUFederation metadata aggregate with the InCommon Federation as the system's identity federation.