Authentication Options

ITS offers authentication services for all staff, faculty, and students. Authentication is the process of verifying identity. This page briefly describes the authentication services provided by UCSC ITS and how to get them.

Authentication Options in order of preference:

SAML

[Protection Levels: ALL levels]

Shibboleth is among the world's most widely deployed single sign-on (SSO) frameworks, connecting users to applications both within and between organizations. Every software component of the Shibboleth system is free and open source. Shibboleth relieves your application of the responsibility for handling passwords and is UCSC's preferred method of authentication. By utilizing Shibboleth, you are helping to improve security throughout our information ecosystem.


Active Directory (Au Domain) using Kerberos

[Protection Levels: 1-3 or 4] (see note)

Campus Active Directory (Au Domain) is a centralized directory service from Microsoft that uses your CruzID and Gold password for authentication. Au Domain helps simplify and standardize management of Windows systems by holding information and settings about computers, users, and groups in a centralized repository at the highest security levels. “Au” is the periodic table nomenclature for “Gold.”

At UC Santa Cruz, Au Domain is used to manage users, computers and printers, and to provide authentication to systems like Secure File Storage across campus. Au Domain also provides a management and integration platform for some applications in use at UC Santa Cruz. All user accounts are automatically provisioned based on affiliation with campus (valid CruzID Gold account and password).

Kerberos is a ticket-based authentication system. At UCSC, Kerberos is used for Windows and Unix server authentication.

Note: Some data types (e.g. PCI/HIPAA) may require compensating controls, e.g. restricted network access (private LAN, DC-VPN).


LDAP

[Protection Levels: 1-3]

The Campus LDAP Directory service provides authorized UCSC users and services with an integrated source of directory information while also providing authentication and authorization services. LDAP, which stands for Lightweight Directory Access Protocol, refers to a set of software protocols and an information model for accessing data within directories.