Holistic IAM for Secure Collaboration

• U.S.-based colleges and universities (multi-campus universities can use group agreements)
• Research labs, libraries, and museums
• K–12 schools (through Support Organization partnerships in select states)
• Companies and organizations (as free hotspot/service providers)

• An InCommon or Internet2 membership is NOT required to participate.
• Sign the eduroam Connector Agreement (one-time $700 setup fee, waived if signed without modifications)
• Pay annual fees based on enrollment: $0.10 per student (IPEDS headcount) or per FTE, with a $400 minimum
• Internet2 Higher Education members receive eduroam as a member benefit
• Implement standards-based Wi-Fi using IEEE 802.1X with WPA2/WPA3-Enterprise
• Deploy and maintain a RADIUS authentication infrastructure

1. Check eligibility and choose the appropriate agreement type (single campus or multi-campus)
2. Sign the agreement via DocuSign
3. Register your organization and designate technical and administrative contacts
4. Configure RADIUS infrastructure and enable 802.1X authentication
5. Test connectivity with the eduroam network
6. Broadcast the eduroam SSID across your wireless infrastructure

As an eduroam participant, you can also benefit from:

• International eduroam connectivity (available in 100+ countries)
• The eduroam Advisory Committee
• The Support Organization program for K-12, libraries, and museums
• Hotspot/SP-only participation for organizations providing access only
• Integration with the InCommon Federation for enhanced services

• U.S.-based higher education institutions (qualified for .edu domains)
• Not-for-profit regional research and education networks (with primary U.S. offices)
• Certain non-profit research organizations
• InCommon membership required to access the Certificate Service

• Sign both the InCommon Participation Agreement and the Certificate Service Subscriber Addendum

• Commit to an initial three-year subscription with annual billing

• Pay annual fees based on Carnegie Classification (ranging from $550–$11,000)

  • Regional networks pay a flat $2,000

  • Internet2 members receive a 25% discount

• Designate Registration Authority Officers (RAOs) and follow CP/CPS policies

• Use certificates only for organizational purposes (no reselling)

1. Sign agreements via DocuSign (Participation Agreement + Certificate Service Addendum)
2. Register your InCommon Executive and up to three RAOs
3. Access the Certificate Manager interface to configure domains and workflows
4. Appoint Department RAOs for distributed administration (if needed)
5. Request, install, and test certificates through the Certificate Manager, API, or ACME automation

• Single sign-on with MFA for Certificate Manager access via InCommon Federation
• ACME automation for large-scale certificate deployment
• Support for Extended Validation (EV) and code-signing certificates
• Community learning through the cert-users email list and regular webinars
• Sectigo technical support services for advanced troubleshooting
• InCommon Academy training courses on certificate management and automation
• Expert consulting from InCommon Catalysts for planning and deployment

The Trusted Access Platform is available to all research and education institutions. The software is free to use under an open source license, provided as-is, without warranty or support, and for non-commercial purposes only.

• There are no fees for the software itself.
• Follow the Apache 2.0 open-source license
• Comply with non-commercial use restrictions
• Integrate TAP components with existing identity management systems

1. Use IAM Sketch to visualize your IAM architecture
2. Review the TAP software to see which components (Shibboleth, Grouper, COmanage, midPoint) fit your IAM needs
3. Download the open source software from the TAP Library
4. Use component-specific implementation guides for configuration
5. Explore training programs, including InCommon Academy workshops, for hands-on learning

• Visualize your IAM framework with IAM Sketch, a tool that puts each main component in the context of IAM architecture
• InCommon Academy training courses for each TAP component
• Component-specific working groups (midPoint, COmanage, Grouper)
• InCommon Catalysts for expert consulting and implementation guidance
• The Accelerators Program (formerly known as Collaboration Success Program) for structured implementation support

Organizations that are current InCommon participants or eligible to join InCommon can utilize Catalyst services. This includes accredited U.S. post-secondary institutions, research organizations, and their sponsored partners.

• InCommon membership required (current or prospective participants)

• No additional fees for Catalyst consultation services

• Subject to InCommon policies and participation agreements

• Catalyst availability may vary based on demand and expertise areas

1. Contact InCommon to request Catalyst assistance
2. Describe your project and technical requirements
3. Get matched with an appropriate Catalyst based on expertise
4. Schedule consultation to discuss implementation approach
5. Receive ongoing support throughout your project timeline

• InCommon Academy for training and workshops to build internal expertise
• TAP (Trusted Access Platform) for open source software and implementation guides
• InCommon Federation for core identity federation services
• Community forums and working groups for peer collaboration

• IAM implementers, identity practitioners, and information security professionals
• System administrators supporting access and infrastructure
• IT leaders and technology decision-makers
• Staff and cross-functional teams from research and education institutions—at any experience level

• Registration is required for each course, event, or program offering.
• Fees vary by offering; discounts may be available through InCommon or Internet2 memberships and bundled programs.
• Course access includes learning materials, participation in live sessions via Zoom, and recordings (when applicable).
• Many offerings include extras such as live office hours, peer collaboration through Slack channels, and digital badges to recognize course completion.

1. Browse available trainings, events, and programs
2. Register for offerings that match your goals or role
3. Receive a welcome email with access to our learning platform (where offered)
4. Access virtual machine environment (where applicable) for hands-on experience
5. Engage with instructors, peers, and content through office hours, Slack channels, and guided discussions

• IAM Workshops, BaseCAMP, and CAMP Week for foundational and advanced topics in identity and access management
• Software Training on Trusted Access Platform components—Shibboleth, Grouper, COmanage, and midPoint
• Accelerator Programs (formerly Collaboration Success Program) for guided implementation support and cohort-based collaboration
• Thread Meet-Ups, Roundtables, and Bonfires for informal, community-led peer exchange
• Peer networks and community channels to connect with fellow learners, Academy alumni, and IAM practitioners
• IAM Online Webinars for continued learning and insights into emerging trends and community practices