Identity Federation

Diagram showing identity providers on the left, and Service Providers on the right, with federations in the middle (InCommon and eduGAIN).

To truly foster collaboration, identity federation is all about creating a trust framework for many organizations so users can log in with accounts from their home organization to access shared online services.

In many contexts, federation is used to enable users at one organization to log in to many online applications using the Security Assertion Markup Language (SAML) family of protocols.

Higher Ed and Research

This style of “mesh” federation is widely adopted by the higher education and research communities because cross-organizational collaboration is the norm.

  • Many universities have partnerships that allow students from other partner schools to enroll in courses and log in to their campus Learning Management System.

  • School and university systems provide central shared services for every school in their district, region, or state.

  • Virtual Organizations for research projects provide shared online collaboration platforms for faculty and private researchers at organizations across the globe.



Companies can leverage mesh federation to streamline access after corporate acquisitions. Mesh federation makes it easy to allow new companies to log in with existing user accounts until everyone is ready for a full-fledged identity consolidation project.


Federation without the Frustration

Federated identity management (InCommon and eduGAIN) allows companies and universities with multiple campuses to collaborate more efficiently. Pictured is a woman holding a globe.

Lack of Vendor Support for Mesh Federation

While many identity solutions support bi-lateral SAML federation, most do not support registration in trust federations like InCommon/eduGAIN.

Managing a Local Federation

IdP is Costly Many organizations install and run open source software solutions locally, such as SimpleSAMLphp or Shibboleth, for the singular purpose of participating in mesh federations. It can be costly to keep up with upgrades and manage integrations with the solution.


How We Help

Mesh Federation Made Easy

Cirrus Identity can “bridge” your existing identity solution, such as Microsoft Azure AD, Okta, OneLogin, CAS, or LDAP to the mesh federation of your choice, such as InCommon. Our customer support and documentation make implementation easy, and you don’t have to worry about running and upgrading on-prem SAML Identity Provider solutions anymore!

Add Additional Login Options

In addition to your federated partners, you can easily add login options for social providers like Google or LinkedIn, as well as our brandable hosted identity provider. You can use our configurable Discovery Service to configure an intuitive, easy-to-use login screen. We help you get your users to the services they need quickly and painlessly.


“At CSU Monterey Bay we have partnered with Cirrus, and have recieved top-notch support from them at every turn. I highly recommend them! We are using their hosted environment to act as a SAML bridge between InCommon SAML SPs, CAS SPs, and our Okta IDM. It has worked perfectly.”

Nick Rodrigues
Lead Network Operations Analyst, CSU Monterey Bay

Visit Our Customer Story Library

Get the Latest Customer Stories