Reading Time: < 1 minute
Graphic displaying connections of the world.

InCommon Federation

Join the Trusted Community Powering Research & Education

Connect your organization to 1,000+ research, education, and industry partners through community-governed, privacy-preserving InCommon identity federation.

Graphic of InCommon value proposition.

InCommon Federation: Trusted Access for Research & Education

InCommon Federation provides a secure and scalable foundation for cross-institutional collaboration, enabling seamless access to services, streamlined identity management, and enhanced data protection.

Whether you’re sharing resources across institutions, integrating with commercial cloud services, or enabling research at scale, InCommon helps you do it securely — with standards-based trust, flexible control, and community-driven governance.

Have Questions? Need Help? Reach Out!

What’s in it for You?

Federated Single Sign-On. One set of credentials to access 6,000+ services.

Global Resource Access. Extended access to international resources and collaborations through eduGAIN.

Enhanced Security & Privacy. Standardized authentication protects user data while ensuring authorized access.

Institutional Control. Flexibility to determine trusted partners and shared user information.

Connectors for Whatever You Have. Ensures seamless service sharing across diverse technology stacks.

Community-Driven Governance. Policies and services shaped by and for the R&E community.

Simplified IT Management. Reduced account management with streamlined agreements between institutions.

Comprehensive Support. Training, documentation, and resources for implementation and ongoing use.

Digital globe hovering between two hands.
Teaching/Learning is in our Wheelhouse

InCommon helps consortia share courses and other resources to support teaching and learning.

Industry Cloud Providers are Our Anchor Tenants

InCommon is your access infrastructure and
community gateway.

We Power Lots and Lots of Research

Learn how you’re using InCommon Federation to access to all sorts of services.

Scaling Secure Reach for Federal Agencies

The National Institutes of Health and National Science Foundation have been using InCommon for almost two decades.

Featured Resources

InCommon Federation logo to be used for featured images.

InCommon Federation Service Enhancements: Metadata Query Service and Federated Access to Federation Manager

By Albert Wu, InCommon Federation Manager, Internet2 Trust & Identity In the spring, the InCommon Federation announced a series of long-awaited enhancements to Federation services. We are nearing the finish line for two of the projects, and we’d like to share an update so that you’re able to take full advantage of federated access to the Federation Manager Portal and the InCommon Metadata Query (MDQ) Service. Enabling Federated Access to Federation Manager Portal Impact: Site Administrators will sign into Federation Manager via federated access. In July 2024, Federation Manager, InCommon’s metadata registration tool, turned on federated access for Site Admins. Federation Manager already supported federated access for eduroam administrators and InCommon Delegated Administrators. This move marks the final step in the Federation Manager’s migration to 100% federated access.  We are currently in a voluntary migration phase. More than  60% of active Site Administrators have migrated to login via federated access. Starting January 15, 2025, Site Administrators must access Federation Manager using federated access. Visit the Internet2 Identity Services FAQ to learn how to begin logging into Federation Manager via federated access. Moving to the InCommon MDQ Service Impact: All InCommon-registered services transition to the new MDQ Service by January 2025.   InCommon first launched its latest Metadata Service (mdq.incommon.org, or the MDQ service) based on the Per-Entity Metadata Query protocol in 2020. Since then, we have operated it, in parallel with the legacy InCommon metadata aggregate (md.incommon.org). We announced in April 2024 that the InCommon Federation will retire the legacy metadata aggregate at the end of 2024. That date is quickly approaching.  InCommon will retire the legacy aggregate on January 20, 2025. Please work with your administrators to update your system to retrieve metadata from the MDQ service.  To begin using the MDQ service, visit: InCommon Metadata Query (MDQ) Service We are excited about these service enhancements and look forward to working with the community to implement them. Stay in Touch with Us Do you have questions about federated access or InCommon Metadata Query? We are happy to field them at help@incommon.org.  Check the InCommon Federation wiki for updates. About the InCommon Federation The InCommon Federation provides secure single sign-on access to cloud and local services, and global collaboration tools. It connects millions of users and hundreds of educational institutions, research organizations, and commercial resource providers. The InCommon Federation and its practices are governed and built by an open community to meet the specific needs of higher education, research organizations, and their corporate partners: we value individual’s right to privacy; we believe in open, transparent, and equal sharing of information and knowledge; we encourage the ubiquitous adoption of online digital resources to accelerate research and discovery. ICYMI The Future of InCommon Federation Services: 3 Important Enhancements

Learn more
An illustration featuring a lock.

Key Identity Trends in Research & Education: AI, Federation, and Trust Management

Emerging technologies and evolving security challenges are reshaping identity and access management in research and higher education. During last month’s IAM Online webinar, we heard six InCommon Catalyst partners’ perspectives on the current and near future states of identity and access management (IAM) in research and education (R&E). Here’s an overview of the trends they highlighted. Workforce and Budget Challenges The R&E community is facing significant challenges with IAM, including staff turnover, loss of domain expertise through retirements, and increasing budget constraints. Post-COVID enrollment declines have further strained resources while security and compliance demands continue to grow. Commercial providers are also raising prices for essential services, forcing institutions to reevaluate long-standing practices like providing alumni email accounts for life. Federation Proxies and Emerging Technology Adoption  Federation proxies are becoming increasingly accepted as practical solutions for integrating new technologies while maintaining existing deployments. These proxies serve two main functions as federation adapters that serve identity providers to the InCommon federation and federation proxies that handle authentication between InCommon and target applications. This approach helps institutions manage complexity and maintain stability while adopting new security tools and protocols. OpenID Federation and the Future of Federation OpenID Federation is emerging as a potential replacement for current global research and education trust frameworks. This standard provides a flexible trust management model using trust chains – signed assertions that allow entities to trust each other through mutual trust anchors. The interest in OpenID Federation is driven by the declining standardization of XML and SAML, which are becoming less maintained and present challenges for cryptographic agility and metadata management. Additionally, OpenID Foundation’s potential to support verifiable credentials opens the door to collaboration across multiple industries, including academic credentials, research computing, finance, healthcare, and government. February IAM Online Speakers AI and Identity Management Artificial Intelligence is being increasingly deployed in IAM solutions, particularly in risk-based authentication, anomaly and fraud detection, identity verification, threat intelligence, predictive analytics, and compliance automation. However, it’s important to distinguish between machine learning approaches, which are more auditable and concrete, and generative AI, which can be prone to hallucinations and security risks. Universities are uniquely positioned to explore AI implementation given their existing graphics processing unit (GPU) compute resources and research capabilities. Machine Learning and Role Mining for Access Management AI-powered role mining and outlier detection are helping organizations optimize their identity governance. By analyzing existing access patterns, these tools can suggest role structures and identify unusual access rights that may indicate security risks. This approach helps simplify identity governance while maintaining security through data-driven insights rather than relying on potentially problematic language models. Security Considerations and Best Practices in AI Adoption As institutions adopt these new technologies, several key considerations emerge: Running smaller AI models locally on your scale to enhance privacy, security, relevance, and efficiency Carefully evaluating AI vendors and solutions Finding your right balance between convenience and privacy in biometric authentication Using existing frameworks to watch for Gen AI hallucinations Looking Ahead The future of IAM in higher education will continue to see security and compliance demands driving technology adoption in an environment with fewer skilled human resources. Well-curated AI can help manage the increased threat detection demands in an increasingly complex security context. However, success will depend on institutions’ ability to: Maintain clear use cases for new technology adoption Balance innovation with security and privacy concerns Leverage existing resources and expertise Collaborate through communities like InCommon As these trends continue to evolve, R&E institutions must stay informed and strategic in their approach to IAM. The key to success lies not in rushing to adopt every new technology, but in carefully evaluating solutions that address specific institutional needs while maintaining security and privacy standards. Through continued collaboration and careful planning, institutions can navigate these changes while building more robust and efficient identity management systems. ICYMI IAM Industry Leaders Map Out 2025’s Critical Trends & Guidance for Higher Ed

Learn more

Beyond Authentication, When Secure Access Demands Identity Assurance

IAM is no longer just about logging in—today, it supports policy, authorization, and security contexts across services. Learn how institutions are evolving their IAM strategy beyond authentication to better manage access, compliance, and collaboration.

Federation
Quick Links

InCommon Federation Manager Login
eduGAIN Map of International Federations
InCommon Federation Library
Are services up?
Baseline Expectations for Trust in Federation
Participate in the InCommon community
Contact Us
Support Research and Scholarship Efforts

Questions about InCommon Federation?

Our team is here to provide guidance and help you navigate your options. Reach out to us directly!

Contact Us

Need Support to Be Federation Ready?

Get updates on new training opportunities, events, and ways to engage with the IAM community.

Reach Out