In order for EVERFI to manger your service provider through InCommon, we require that your identity provider system meet the following two requirements. Based on EVERFI’s interpretation of Signing and Encryption Keys in InCommon Federation, we believe that any identity provider that is in the InCommon Federation meets these requirements. We need you to confirm that your system satisfies these two requirement in order for EVERFI to successfully perform routine certificate rotations within InCommon.

Identity Provider Requirements

EVERFI assumes the following about your identity provider setup:

  1. Your identity provider supports multiple signing certificates for a service provider like EVERFI’s Foundry.
  2. Your identity provider automatically updates the Foundry service provider in response to updates to the associated InCommon registry, or you have a process in place to manually apply such updates.

How to Request

If your organization is a member of the InCommon Federation, and you would like to manage Foundry as a service provider in the InCommon registry, the follow these steps:

  1. Request to your EVERFI customer success manager that you would like for Foundry to have an InCommon service provider entry for your organization. Each organization in EVERFI has a personalized single sign-on URL so EVERFI must to register a separate SP entry for each EVERFI customer.
  2. EVERFI will provision a new service provider in InCommon within 2 to 3 business days of your request.
  3. EVERFI will inform you when the service provider entry for your institution has been added to InCommon. The name of the service provider will be “EverFi Foundry – YOUR INSTITUTION NAME”, for example, “EverFi Foundry – Wossamotta University”.
  4. In your identity provider, set up EVERFI as you would for any service provider that is in InCommon.
  5. In Foundry, you will add an identity provider configuration that describes your identity provider to Foundry. See steps 2 and 3 on the Single Sign-On (SSO) page for more details.
  6. Test your single sign-on as described on the previously linked page.