What is Single Sign On (SSO)?

A knowledge base article, "What is Single Sign On (SSO)?", provided by the UC Berkeley IT Service Hub - Knowledge Portal.

Single Sign On (SSO) is a session and user authentication process that lets a user provide their credentials once and then access multiple applications. SSO authenticates the user for all the applications they have been authorized to access, without requiring them to log in again.

To add or change an SSO integration, submit a Service Request via ServiceNow.

We offer three types of SSO to campus technologists: OpenID Connect (OIDC), Central Authentication Server (CAS) and Security Assertion Markup Language (SAML). Click the links below to find out more about each protocol.

OIDC

OpenID Connect (OIDC) is a widely adopted standard for SSO. If you want to integrate a third-party application with CalNet SSO, you will most likely use OIDC or SAML. OIDC can also be used for campus-developed applications to provide SSO integration with CalNet ID and 2-Step (multifactor) authentication. OIDC libraries are available for most major application programming languages and frameworks.

CAS Protocol

CAS is generally used for campus-developed applications to provide SSO integration with CalNet ID and 2-Step (multifactor) authentication. There are CAS integrations available for most major application programming languages and frameworks.

SAML Protocol

SAML is the widely adopted standard for SSO and federation. If you want to integrate a third-party application with CalNet SSO, you will most likely use SAML. For example, bMail, Box, and DocuSign are integrated with CalNet SSO using SAML.

Coarse Grained Authorization

If you want to restrict access to your service to specific campus populations, you can use coarse grained authorization. For example, you can allow access based on standard affiliations such as STUDENT-TYPE-REGISTERED or EMPLOYEE-TYPE-STAFF; you can also create an ad hoc authorization group.
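
An application can also re-check the released attributes itself, as a second layer behind the rule described above. The following is an added example, not CalNet or UC Berkeley code: it assumes the SSO integration releases affiliations and group memberships to the application under the hypothetical attribute names `affiliations` and `groups`, and the ad hoc group name is constructed.

```python
"""Application-side coarse grained authorization check (added example)."""
from dataclasses import dataclass

# Affiliation values named in the article.
ALLOWED_AFFILIATIONS = frozenset({"STUDENT-TYPE-REGISTERED", "EMPLOYEE-TYPE-STAFF"})
# Constructed ad hoc group name, for illustration only.
ALLOWED_GROUPS = frozenset({"example-adhoc-authz-group"})


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str  # suitable for an audit log line


def _as_set(value):
    """Normalise a released attribute: SSO libraries may hand back a
    missing value, a single string, or a list for multi-valued attributes."""
    if value is None:
        return frozenset()
    if isinstance(value, str):
        return frozenset({value.strip()}) if value.strip() else frozenset()
    if isinstance(value, (list, tuple, set, frozenset)):
        return frozenset(v.strip() for v in value if isinstance(v, str) and v.strip())
    return frozenset()  # unexpected type: treat as no memberships


def authorize(attrs, allowed_affiliations=ALLOWED_AFFILIATIONS, allowed_groups=ALLOWED_GROUPS):
    """Decide access from attributes of an ALREADY VALIDATED SSO response
    (verified ID token, SAML assertion or CAS ticket). Fails closed."""
    if not isinstance(attrs, dict) or not attrs.get("sub"):
        return Decision(False, "no authenticated subject")
    # "affiliations" and "groups" are assumed attribute names.
    hit = _as_set(attrs.get("affiliations")) & allowed_affiliations
    if hit:
        return Decision(True, "affiliation:" + sorted(hit)[0])
    hit = _as_set(attrs.get("groups")) & allowed_groups
    if hit:
        return Decision(True, "group:" + sorted(hit)[0])
    return Decision(False, "no matching affiliation or group")


if __name__ == "__main__":
    # Constructed sample attribute sets.
    for sample in (
        {"sub": "1001", "affiliations": ["STUDENT-TYPE-REGISTERED"]},
        {"sub": "1002", "affiliations": "EMPLOYEE-TYPE-STAFF"},
        {"sub": "1003", "affiliations": ["employee-type-staff"]},
        {"sub": "1004"},
    ):
        print(sample["sub"], authorize(sample))
```

Matching is exact and case-sensitive, and a missing or malformed attribute results in a denial rather than a default allow.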