Cirrus Identity advocates for the use of multilateral federated identity. Reality doesn’t always live up to this ideal. The practical reality is applications or services often don’t fully support the technologies for multilateral federation. Additionally, use cases such as protocol translation or account linking often require a proxy component.
Not supporting the attributes as asserted by identity provider(s)
Not being able to require multi-factor authentication (MFA) because it is not supported by some or all identity providers
The Proxy can also be used by an organization architecturally to act as a single access point for audiences to access a group of service providers. Examples are:
Applicants often need access to a subset of an organization’s services before they are fully admitted. For example, services to check application status, apply for scholarships, and pay fees can be deployed behind a Proxy for a uniform access experience.
Alumni also need access to services such as transcript requesting, engagement platforms, career services. A centralized Proxy can streamline access to these services and improve engagement. The uniform and consistent experience for the end user is especially desirable for this audience.
The Proxy is also part of the Cirrus family of solutions and is fully integrated with:
Cirrus Discovery to enable the easy configuration of a user interface to select the identity provider for log in
Cirrus Gateway to enable both social login and organization IdP authentication to service providers
Cirrus Account Linking to enable liking organizational data to external identities asserted by either social login or federation identity providers
Cirrus Invitation to enable coarse grained authorization control to services based on sponsors associated with the institution
Cirrus External Identity Provider to enable organizations to offer a separate guest account with associated password that reflects the organization’s brand but as a SaaS solution
Cirrus Identity doesn’t believe in re-inventing the wheel. The Proxy has at its foundation the well tested and widely adopted SimpleSAMLphp open source project (SSP). Cirrus Identity is both an active participant, and contributor to the SSP community. We believe basing our solution on SSP allows us to both actively participate in the global academic identity management community, and focus on delivering effective solutions to our customers.