Authentication Options

ITS offers Authentication Services for all Staff, Faculty, and Students. Authentication is the process of verifying identity. This page briefly describes the authentication services provided by UCSC ITS and how to get them.

Authentication Options in order of preference:

SAML

[Protection Levels: ALL levels]

https://its.ucsc.edu/idm/shibboleth-configuration.html

Shibboleth is among the world's most widely deployed single sign-on (SSO) frameworks, connecting users to applications both within and between organizations. Every software component of the Shibboleth system is free and open source. Shibboleth relieves your application of the responsibility for handling passwords and is UCSC's preferred method of authentication. By utilizing Shibboleth, you are helping to improve security throughout our information ecosystem.


Active Directory (AD) using Kerberos

[Protection Levels: 1-3 or 4] (see note)

https://its.ucsc.edu/data-center/campus-ad.html

https://its.ucsc.edu/data-center/kerberos.html

Campus Active Directory is a centralized directory service from Microsoft. AD helps simplify and standardize management of Windows systems by holding information and settings about computers, users, and groups in a centralized repository.

At UCSC the Campus Active Directory is used to manage users, computers and printers, and to provide Enterprise File Services across campus. Active Directory also provides a management and integration platform for some applications in use at UCSC.

Kerberos is a ticket-based authentication system. At UCSC, Kerberos is used for Unix server authentication.

Note: Some data types (e.g. PCI/HIPAA) may require compensating controls (e.g. restricted network access [private LAN, DC-VPN]).

LDAP

[Protection Levels: 1-3]

https://its.ucsc.edu/ldap/index.html

The Campus LDAP Directory service provides authorized UCSC users and services with an integrated source of directory information while also providing authentication and authorization services. LDAP, which stands for Lightweight Directory Access Protocol, refers to a set of software protocols and an information model for accessing data within directories.