4 Tips on How to Up Your IAM Game Using COmanage and the InCommon Trusted Access Platform

Subscribe for more like this



By Laura Paglione, Partner at Spherical Cow Group

Estimated reading time: 6 minutes

Laura Paglione is a partner at Spherical Cow Group (SCG), the open-source lead of the COmanage project, and an InCommon Catalyst. Laura leads COmanage workshops through the InCommon Academy’s software training and is also a member of the InCommon Federation Steering Committee. In this blog post, she draws on her experience to offer four tips on how to use COmanage and the Trusted Access Platform to up your institution’s identity and access management (IAM) game. 

Want to learn more from community experts like Laura? Plan to sign up for spring 2022 InCommon Trusted Access Platform training!

In 2019, SCG and InCommon started to discuss what training might look like for COmanage, a new component of InCommon’s Trusted Access Platform. I had joined SCG in late 2018 and had only just started working on the COmanage project. Developing training materials sounded like a great opportunity for me to deeply learn the platform and leverage my “newcomer status” to consider how to explain COmanage to those who are just getting started with it.

A Closer Look at COmanage

COmanage logo

If you’re new to COmanage, it’s an open-source project focused on streamlining digital lifecycle management for your populations. It consists of two tools: Registry and Match. 

COmanage Registry is an identity registry with flexible enrollment and lifecycle management capabilities that help institutions meet their identity management objectives using standardized tools and approaches. It can be used as a central person registry, guest management system, or collaboration hub for scholarly and research collaborations.

COmanage Match performs identity de-duplication to help minimize the creation of duplicate accounts for the same individual. It provides a heuristic-based system for matching identity records across multiple authoritative systems of record. Match can be used with Registry or as a standalone product complementary to other IAM tools.

Tips on How to Streamline IAM

Through my experience engaging with the InCommon community and leading training workshops on COmanage, I’ve gained a lot of insight into shared challenges and tried-and-true approaches to overcome them. Wherever your institution is at on its IAM journey, here are four tips you can use to up your IAM game.

  1. Consider the whole puzzle.

IAM solutions, particularly those involving a person registry and lifecycle management platform like COmanage Registry, tend to be foundational for enabling a host of changes and improvements, along with new capabilities and connections between people, resources, and departments. Although you may only be thinking of addressing one part of this overall system, it is worth your time to consider where these solutions may be applied more broadly. Once you have a plan, the selection of your first project is critical, which leads us to tip #2 … 

  1. Don’t try to boil the ocean in phase one.

An important complement to considering the whole puzzle is figuring out where to start building. After all, you aren’t going to be able to do everything at once! Ensuring that you can point to a successful solution early in your work is important for adoption and buy-in for future stages of the project.

Key factors in selecting a starter project to build upon include:

  • Quick to Launch  Choose a project that can be addressed fairly quickly but still contributes to your overall plan (see tip #1).
  • StrategicAn ideal project focuses on a problem that currently causes an undue amount of annoyance, pain, cost, and/or embarrassment in comparison to the effort required to address it within your IAM plan. These types of projects are often very visible demonstrations of success and can help fuel future support for the work.
  • Supported While high-level project champions are always important, you likely will need significant support at multiple levels of engagement for any IAM project. Finding a project where it will be easier to build and maintain that support is important for project success.
  1. Know that IAM is the glue.

One of IAM’s superpowers is its ability to connect functions, resources, and people that are traditionally separate. It is a non-trivial – yet extremely worthwhile – task to stitch them together in a way that not only achieves your primary goals but also enables things that you may not have originally thought possible. 

To enable this magic, take time to understand the pain points among groups that you may not have interacted with in the past. With this approach, you have the opportunity both to increase the efficiency and effectiveness of how your organization does its work and enable new opportunities that couldn’t even be conceived of at the outset.

  1. Get involved.

Many of the Trusted Access Platform tools are open source and are greatly strengthened by the support and involvement of the community. There are a lot of ways to participate and learn as part of the InCommon community, which can greatly benefit your projects and open doors to new opportunities for your organization.

Want More Tips and Insight? Join Us for Training!

Getting information and insights in the form of training is always an efficient way to prepare to implement something new. The InCommon Academy’s Trusted Access Platform training provides this benefit in spades. 

The workshops on Grouper, COmanage, Shibboleth, and midPoint are created specifically for this community with thoughtful consideration for the needs and complexities found in higher education and research. The instructors and course designers have been in this industry for much of their careers, and they have a deep understanding of what success looks like and where the pitfalls may lie when trying to achieve it. 

But perhaps the less obvious benefit is that these workshops are also attended by your peers who have similar needs and use cases, and are likely somewhere on the continuum of trying to solve some of the same challenges that your organization is facing. During and after the workshops, these individuals and organizations form a peer support network that in many ways surpasses the learning outcomes from the workshops themselves.

It’s worth giving the Trusted Access Platform training a try! Registration for spring 2022 workshops will open soon. If you have questions, please email training@incommon.org.

InCommon training schedule


Did you know? InCommon Academy is a community of learning that also includes the Collaboration Success Program (CSP). Read about the 2021-22 CSP Cohort.