Q: How Will This Impact Service Providers?
A. The IAM Team plans to migrate campus Identity Providers (auth.unk.edu, auth.unomaha.edu, shib.unl.edu) to NEAD and our expectation is there will be no impact to services protected by SSO.
Q: Are Attributes Changing?
A: No. At this time, 12/11, the IAM Team expects to provide the same set of attributes that your service uses today. If your service uses a campus NETID (e.g. bgumwad), you do not need to update your service to switch to an alternate identifier such as NUID.
We would not discourage you to update your service to use NUID as it is much more stable. If your service supports additional "name-based" attribute identifiers like email address or eduPersonPrincipalName, then NUID would be a good fit.
Q: Do I Need to Switch Identity Providers?
A: No. While campus Identity Providers will move to NEAD for authentication, the IAM Team will make every effort to limit the impact to services.
Q: What Usernames Are Supported?
A: TrueYou Username - NUID@nebraska.edu
To assist with the confusing landscape of identifiers and terminology, the IAM Team is recommending the following. Use the term, "TrueYou Username", to mean NUID@nebraska.edu and promote it as the recommended and supported username for all SSO systems.
Historically the IAM Team has leveraged Shibboleth's capabilities to support an array of usernames such as NUID, email address, and NETID. Microsoft authentication has used Active Directory's "userPrincipalName" attribute which can be confusing to users because it requires a FQDN (username@campus.edu) and is not always the same as email address. The inconsistency between authentication systems has lead to a poor user experience as users needed to switch usernames depending on the service they are accessing.
Q: What About Other Username Options?
A: Each campus Identity Provider (IdP) for Kearney (auth.unk.edu), Lincoln (shib.unl.edu), and Omaha (auth.unomaha.edu) will continue to support both TrueYou Username and existing campus username options such as NETID (e.g. bgumwad), NUID, or email address.