XSEDE Capability Delivery Plan for "IDM-05: Link or unlink a non-XSEDE identity"

Use Case IDM-05: Link or unlink an identity from another organization

Area: Account Management
URLs: Public, Review

Executive Summary: A community member wants to link his/her identity in another organization to his/her community identity so he/she can use either identity when logging in to a community website or application. (Or, the user may wish to unlink an identity from another organization so it can no longer be used to login.)

First CDP: 2018-08-25
Current CDP: 2018-08-25
Current Implementation Status: 
Time & Effort Summary: 

No effort or changes are proposed at this time.

This capability is currently supported by the following 2 components:
Component User facing? Component’s role in the capability
Globus Auth yes Globus Auth is the Web Single-sign-on (Web SSO) interface for XSEDE. Globus Auth provides Web authentication by a wide variety of OpenID Connect (OIDC) identity providers, significantly including CILogon, which provides OIDC authentication via thousands of InCommon and EduGAIN SAML/Shibboleth identity providers. Having authenticated, users may link additional OIDC identities, allowing the user to authenticate via any of the linked identities. Most XSEDE Web applications, including the XSEDE User Portal (XUP), require that the user has linked his/her XSEDE OIDC identity before the user is allowed access to the application. After visiting XUP and being guided to Globus Auth, users may view their linked identities and add/remove linked identities.
yes The XSEDE User Portal (XUP) is XSEDE's primary website and provides the starting point for this use case. To link or unlink an identity, users first login to the XUP, then click "My Profile." On the profile page, a link labeled "Manage linked identities" take the user to Globus, where identities can be linked and unlinked.