Federation Broker Enrollment

Step 1: Getting Started

What to expect

Thank you for your interest in Federation Broker. This tool will walk you through the steps needed to generate an enrollment file that you'll give to the Federation Broker administrator as part of your enrollment.

Warning Before you get started - You will need:
  • A custom domain name you own (i.e. not a gmail.com or other consumer email domain and not a domain provided by your employer or school)
  • A Cloudflare Zero Trust account with administrative permissions.

What you'll do:

  • Review and accept the privacy notice.
  • Provide your identifying information, including your name and, if you were told to do so, your MCI number.
  • Tell us about your custom domain and email address.
  • Provide your SSO metadata URL for enrollment.

Step 2: Privacy Notice

Privacy Notice (Federation Broker, Only)

The Cooperative Computing Alliance, which owns and operates Federation Broker, may collect and maintain personal information as part of the delivery of the Federation Broker Program. This information may be used for identity verification, institutional fraud prevention and investigation, information security assessments, and other lawful purposes authorized by law.

Users are required to report their full legal name and other identifying characteristics when enrolling or using Federation Broker and are generally prohibited from using false or otherwise untrue or incomplete identity information when provisioning or accessing Federation Broker or when asked for their identifying information by Cooperative Computing Alliance. Users should consult the appropriate documentation for information on asking for a preferred alternative display name to be used in directories and other locations.

Information may be shared with authorized entities for purposes including, but not limited to, the prevention and detection of fraud, enforcement of applicable regulations, support of institutional security protocols, and evaluation of the effectiveness of security and compliance programs. Personal information collected for Federation Broker program delivery may not be used for affiliate and non-affiliate commercial marketing purposes.

This information is maintained by:
Federation Broker Program Manager
Cooperative Computing Alliance
539 W. Commerce St
Room 5210
Dallas, TX 75208
Telephone 415/534-8441

For inquiries concerning the maintenance of personal information, contact the Federation Broker Program Manager at the above address.

Step 3: About you

Please enter your full legal name exactly as it appears on your government-issued identification.
Your preferred first name if different from your legal name (e.g., "Bill" instead of "William") or any name you prefer to go by professionally. This will be used for display purposes.
Your online username, handle, or screen name that you use in digital spaces (For example, Crash Override, Lord Nikon, Zero Cool, or Mr. The Plague). This is optional but helps us identify you in online communities.
Would you like to complete extended registration?
Extended registration allows you to access additional services such as borrowing tools, equipment, and other resources.
Have you been told to enter a MCI/Genesis ID by an administrator? (This is uncommon)
A MCI is also sometimes called a GCI/Genesis ID or "mainframe number".

Extended registration

Please provide additional information to access extended services.

Date of birth
For example, 27 3 1980
Include country code if outside the selected country

Step 4: Your email domain

Use a custom domain email

For Federation Broker to work properly with SSO integrations, your email address must be based on a custom domain that you own. This means:

  • Do not use personal domains like gmail.com, hotmail.com, or yahoo.com.
  • Do not use public institution domains like .edu or .gov.
  • Use an address on a custom domain that you or your organization controls (e.g., you@example.com).

This ensures compatibility with SAML-based SSO applications and allows your identity to be properly validated by the Federation Broker.

This value is automatically derived from the UPN and cannot be edited.

Step 5: Provide your Cloudflare SSO URL

Where do I find my SSO URL?

If you don't already have a application for Federation Broker:

  • Log in to your Cloudflare dashboard.
  • Go to Access → Applications.
  • Create a new SAML SaaS application and name it Federation Broker
  • Set both the Entity ID and Assertion Consumer Service URLs to https://federationbroker.cloudflareaccess.com/cdn-cgi/access/callback
  • Set the Name ID Format to Email

To get your SSO Sign-On URL, follow these steps:

  • Log in to your Cloudflare dashboard.
  • Go to Access → Applications.
  • Find your SAML SaaS application for Federation Broker and click it.
  • Scroll down to the SAML Settings section.
  • Copy the SSO Sign-in URL.
If you aren't using Cloudflare Access as your SSO provider, please do not use this tool and ask the Federation Broker administrator for help.

We are required to ask these questions by our funding sources

Before you finish using the service, we'd like to ask some equality questions.

The grants and other founding sources that fund Federation Broker and other programs require us to ask these questions, but you don't have to answer them.

These questions help us understand who uses our services and identify areas where we might need to make improvements. The information will be used to monitor diversity and inclusion across our program, but we are required to let you know that this information will not be used for DEI purposes (see below).

Do you want to answer the equality questions?

These questions are optional. Your answers will not affect your enrollment.

Why we ask equality questions

We collect this information to:

  • Ensure our services are accessible to everyone
  • Identify and address any barriers to using our services
  • Meet our obligations to our funding sources (equality monitoring duty)

All equality information is stored securely and handled in accordance with data protection laws. It is kept separate from your enrollment information and used only for statistical purposes and will NOT be used for diversity, equity, and inclusion as defined by Executive Order 14151.

Equality questions

These questions are optional. If you prefer not to answer any question, just leave it blank and continue. We need to tell you that it's unlawful for us to use your answers as part of DEI programs.

What is your highest level of education completed?
If you are still in college and don't have an associate degree, select some college (no degree).
Are you the first person in your family to go to college?
How many technical certifications do you hold?
Include IT, cybersecurity, cloud, programming, or other technical certifications such as CCNA, Network+, AWS Certified, etc. If you have no certifications, select "None".
Enter your postal code, zip code, or equivalent for your country. This helps us understand the economic diversity of our participants.
Pronouns
Select your pronouns or enter your own
or
What is your sex?
Is the gender you identify with the same as your sex registered at birth?
All fields on this page are optional. You can continue without entering any information.

Review and submit

Review Your Submission

Please confirm all the information below is accurate before generating your metadata file.

First name
Change first name
Middle name
Change middle name
Last name
Change last name
Preferred name
Change preferred name
Handle
Change handle
Date of birth
Change date of birth
MCI/Genesis ID
Change MCI/Genesis ID
User Principal Name (UPN)
Change User Principal Name
Email domain
Change email domain
Cloudflare SSO URL
Change SSO URL

If something is incorrect, use the Change links to return and make corrections.

Success

Your enrollment file is ready

Click the button below to download your enrollment file. Once downloaded, please send it to your Federation Broker administrator.

Enrollment progress