Authentication Services
The NetID platform provides several paths to enable authentication for a service or application.
Pathways
In the process of development or acquisition of a new application, consider who your user population is. Some applications may only need users in College Station to be able to log in.
Others might need to support including other identity providers, such as logging in with credentials from another member of the Texas A&M System, like Tarleton State University.
Who Are Your Users?
Federated authentication means your application or service is relying on an external system (such as NetID) to provide users and manage their credentials. This is how most apps and services are set up at Texas A&M University.
- Bilateral federation means your application uses only NetID credentials provided by Texas A&M.
- Multilateral federation means your app will accept NetID credentials in addition to others, like other Texas A&M System members.
Bilateral Supported Pattern
For bilateral federation with NetID, we support integration with Texas A&M's Microsoft Entra ID tenant. Many enterprise services already do this (for example, Google Workspace, Canvas, and LinkedIn Learning).
To improve security and streamline access management, we are deprecating the legacy on-premises CAS & Shibboleth platforms and will only allow integration via Microsoft Entra ID going forward. Exceptions may be made on a case-by-case basis where there is a compelling business need to maintain legacy protocol support, but the long-term goal is to fully transition to Entra ID for authentication integration.
Self-Service Integration
Entra ID integrations can be set up using a self-service application that Identity Security supports. At this time, only Technology Services professionals can access this application.
Entra ID supports the following authentication protocols:
Integration Consulting & Support
If you are a professional staff member who is not part of Technology Services, Identity Security offers hands-on NetID integration setup. Prior to submitting a request, please review our guides & walkthroughs.
Please note that the typical time to onboard a new integration is a minimum of 1 week if we will be working with an external vendor.
Multilateral Supported Pattern
For multilateral federation with multiple universities or agency partners, Identity Security has partnered with Cirrus Identity to offer their "Proxy" service to campus.
This service allows applications and services to integrate with a single identity provider (the "proxy") via the SAML protocol. We have integrated many of the Texas A&M System members with this proxy to offer a standardized set of attributes that can be passed to an application or service to make it easy to identify which users are coming from a particular member.
Please reach out to identity@tamu.edu to request an integration with the Cirrus Identity platform.