Federated Identity Service | Office of Information Technology

Federated Identity Service

Last Updated: 08/17/2016

Overview

Federated Identity Service is an IdentiKey login system placed in front of some Federated web services. Log in with your IdentiKey when you see Federated Identity Service and follow the on-screen steps. When you jump from service to service that uses Federated Identity Service, you'll only have to sign in once for the duration of your session.

Federated Identity Service provides access to multiple services via single sign-on through IdentiKey authentication, then shares your attributes with the service(s) being accessed. Attributes are shared securely and do not contain any private or sensitive information. You will be asked to review and release these attributes on your first visit. If you do not release the attributes, you cannot access the service. 

Federated Identity Service Login Page

Due to a recent update of the Federated Identity Service, you may see your Digital ID Card and be prompted with release consent options (see example below). Digital ID Cards outline identifying information that is shared with the service. You have the option to provide consent for each login, or store consent and not be prompted again unless there is a change in the information. First-time users of a protective service will always be prompted for consent. 

Features

  • IdentiKey login page for some of the campus's web services.
  • Mobile friendly version automatically displays on smartphones.
  • Federated Identity Service is based on Shibboleth.
  • CU-Boulder has joined the InCommon Federation. Federated Identity Service is the login page front end for CU-Boulder authentication instances.

Related Policies

InCommon Federation: Participant Operational Practices

Benefits

  • Provides a single sign-on session for all CU-Boulder services that are using Federated Identity Service. Meaning, if you've signed onto one service using Federated Identity Service and you go to another one that uses Federated Identity Service, you won't have to sign in again in the same session.

Who can get it

Faculty, staff, students, and affiliates will come across Federated Identity Service when logging into some campus web services.

How to get it

System administrators who wish to place Federated Identity Service in front of a service should read through the Service Policy and Guidelines, and then fill out the Service Provider Enablement Request Form.