Mr Christopher Jones1, Mr Andrew Bowness1
1Australian Access Federation, Brisbane, Australia
Increasingly, universities and other research institutions have been migrating from on-premise Active Directories (AD) to a cloud-based solution such as Okta or Azure AD for their Enterprise Single Sign-On (SSO) needs. This change introduces a problem for researchers in that these services do not provide support for research federations. The question we set out to answer is how can we connect a cloud-based enterprise SSO solution to research federations seamlessly?
We designed a connector capable of communicating with Enterprise SSO solutions for authentication and Multi Factor Authentication (MFA). After the authentication process is completed, the connector then works with our hosted identity provider (IdP) to undertake all of the technical interactions necessary to provide access to globally connected research federations.
The result is an Enterprise SSO system capable of allowing users to seamlessly connect to services within global research federations. This is made possible through our hosted IdP and connector, which are deployed within AWS with high-availability guarantees, best-in-class security, and all of the latest patches. Universities are able to leverage the MFA capabilities and security policies within their Enterprise SSO solution for user authentication, and are not required to create firewall exclusions or provide access using a Virtual Private Network (VPN).
Cloud-based Enterprise SSO solutions are capable of participating in global research federations. Through the federation connector, it is possible to access a research federation seamlessly, while minimising the infrastructure requirements of the university.
Christopher graduated with a Bachelor of Information Technology from the University of Queensland in 2017 and began his career working in e-commerce within the travel sector. Christopher joined the team at the Australian Access Federation in early 2019, where he has focused on solving challenging problems with identity in the research federation space, including undertaking core development work on AAF’s Rapid IdP service.