Skip to content Skip to navigation

XSEDE Capability Delivery Plan for "IDM-05: Link or unlink a non-XSEDE identity"

Use Case IDM-05: Link or unlink a non-XSEDE identity

Area: Account Management
URLs: Public, Review

Executive Summary: An XSEDE user wants to link or unlink a non-XSEDE identity with their XSEDE identity. A linked identity can be used to authenticate to XSEDE instead of an XSEDE username and password.

First CDP: 2018-08-25
Current CDP: 2018-08-25
Current Implementation Status: 
FULL
Time & Effort Summary: 

No effort or changes are proposed at this time.

This capability is currently supported by the following 2 components:
Component User facing? Component’s role in the capability
XSEDE User Portal (XUP) yes The XSEDE User Portal (XUP) is XSEDE's primary website and provides the starting point for this use case. To link or unlink an identity, users first login to the XUP, then click "My Profile." On the profile page, a link labeled "Manage linked identities" take the user to Globus, where identities can be linked and unlinked.
Globus Auth yes Globus Auth is the Web Single-sign-on (Web SSO) interface for XSEDE. Globus Auth provides Web authentication by a wide variety of OpenID Connect (OIDC) identity providers, significantly including CILogon, which provides OIDC authentication via thousands of InCommon and EduGAIN SAML/Shibboleth identity providers. Having authenticated, users may link additional OIDC identities, allowing the user to authenticate via any of the linked identities. Most XSEDE Web applications, including the XSEDE User Portal (XUP), require that the user has linked his/her XSEDE OIDC identity before the user is allowed access to the application. After visiting XUP and being guided to Globus Auth, users may view their linked identities and add/remove linked identities.