INDIGO IAM, is a software option for Authentication and Authorisation Infrastructures (AAIs) that has become increasingly popular within FIM4R over the past few years. Several Research Communities, including IRIS and WLCG, are in the process of deploying production infrastructure based on INDIGO IAM and the time was ripe last January to kick off a series of workshops in which the developers and service supporters can form an active community.


In January of 2021, the first “INDIGO IAM User’s Workshop” took place. Organised as a two afternoon event, the workshop aimed to facilitate user led discussion around best practice, administration and deployment experience between communities who utilise the INDIGO IAM. 

Whilst there are many different tools available to assist in the implementation of federated identity management, INDIGO Identity and Access Management Service (IAM) has seen increasingly wide adoption. The INDIGO IAM was originally developed as part of the INDIGO Datacloud Horizon 2020 project and INFN have continued to maintain and develop the service since the project’s end. INDIGO IAM is currently available as both an as-a-service option run and provided by INFN or as an on-premise deployment via either DockerHub or RPM and Debian packages.

As the INDIGO IAM has become a more established software choice, it has been adopted as a core infrastructure component for a number of different FIM4R communities. Due to the increasing usage of the INDIGO IAM, it was felt that the service could benefit from the formation of a user community and the resulting user discussions. This is the sentiment that led to the planning of January’s workshop. 

The workshop was extremely well attended, with 78 registered attendees representing over 15 different institutions from around the globe. The scheduling of the workshop split talks and content into two distinct scopes, with the first day centering around talks focussing on deployment and administration and the second day focussing on utilising the IAM as a client. 

The workshop’s first day kicked off with an update from the IAM Development team at INFN, providing an overview of both the history of the IAM and the future development roadmap, before a presentation on how they run their own instances of IAM. Following on from there two major communities utilising the IAM, the WLCG (The Worldwide Large Hadron Collider Computing Grid) and IRIS (eInfrastructure for Research and Innovation for STFC), presented the work they had carried out to adopt and support the IAM. These talks included overviews of adoption plans, work done to support command line authorization, and IAM within an operational security environment.

The second day focussed on talks from clients utilising the IAM and their experiences of using the INDIGO IAM as the authentication and authorization solution for their service, with speakers representing a broad range of service types including accounting, resource provisioning, and storage. There were a number of constructive conversations around each presentation, as presenters and attendees alike discussed their understandings and best practice when working with instances of INDIGO IAM. 

Ultimately, the workshop was an extremely positive first step towards forming a strong user community around the INDIGO IAM. A follow up workshop, with format to be determined, will likely take place later in 2021.  For those interested in learning more about the INDIGO IAM, hearing about development updates, and engaging with future workshops you can join the GoogleGroups discussion pages at: https://groups.google.com/g/indigo-iam-users

If you are interested in recapping any of the workshop’s talks, please see the indico here: https://indico.cern.ch/event/970568/

Blog post written by Thomas Dack (STFC UKRI)