Implementation Options
Here are some of the options Identity Security offers for campus partners to implement NetID authentication in an application or service.
Technology | Purpose | Details |
---|---|---|
CAS | Bilateral Federated Authentication | Documentation |
Cirrus Identity | Multilateral Federated Authentication | Documentation |
Duo | Multi-Factor Authentication | Documentation |
Entra ID | Bilateral Federated Authentication | Documentation |
Shibboleth | Bilateral Federated Authentication | Documentation |
Best Practices
When you write an application that is single-sign-on enabled, it joins a community of hundreds of applications from around the university. Just like any community, it helps if we all follow some basic guidelines to be respectful of our users and other applications.
- Do not log users out of the single-sign-on environment. This can be counterintuitive. There are a few reasons for not logging a user out:
  - It inconveniences users. One of the most useful features of single-sign-on is that it allows you to log in once and access multiple resources. You should not assume that a user is done with their session because they have logged out of your application.
  - It implies single-sign-out. Not all services provide single-sign-out, so users are still logged into any other SSO-enabled services that they used during that session. Users should be encouraged to close their browsers completely when they are done using services.
- Use landing pages that are not single-sign-on-enabled. Landing pages give your users a clear view of the application they are visiting prior to logging in. This allows them to make an informed decision before logging into your site. It also gives you a place to send users after logging them out of your application that can provide additional guidance.
- Tell the user who they are. This is good practice, particularly if you think your application may be used in an environment where multiple people might access the same workstation.
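
The three practices above, combined in one minimal WSGI application. This is an added example, not code from Identity Security or any of the listed products. The IdP URL, the route names, the `sid` cookie and the in-memory session store are assumptions made for illustration.

```python
import html
import secrets
from http.cookies import SimpleCookie

# Assumptions for this example: the IdP URL, routes and in-memory session store.
SSO_LOGIN_URL = "https://sso.example.edu/login"  # placeholder IdP login endpoint
SESSIONS = {}  # local session id -> NetID; this app's state only


def start_session(netid):
    """Create the local session once the SSO response has been validated."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = netid
    return sid


def app(environ, start_response):
    """WSGI app: public landing page, SSO-protected page, local-only logout."""
    path = environ.get("PATH_INFO", "/")
    cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    sid = cookie["sid"].value if "sid" in cookie else None
    netid = SESSIONS.get(sid)
    html_type = [("Content-Type", "text/html; charset=utf-8")]
    if path == "/":  # landing page: never triggers an SSO redirect
        body = "<h1>Example App</h1><a href='/app'>Log in with your NetID</a>"
        if environ.get("QUERY_STRING") == "loggedout":
            body += ("<p>You are logged out of Example App only. Close your "
                     "browser completely to end your other sessions.</p>")
        start_response("200 OK", html_type)
        return [body.encode()]

    if path == "/logout" and environ.get("REQUEST_METHOD") == "POST":
        SESSIONS.pop(sid, None)  # end the local session; the SSO session is untouched
        start_response("303 See Other", [
            ("Location", "/?loggedout"),  # back to the landing page, not the IdP
            ("Set-Cookie", "sid=; Max-Age=0; Path=/; HttpOnly; Secure"),
        ])
        return [b""]

    if path == "/app":
        if netid is None:  # only the protected page sends the user to SSO
            start_response("302 Found", [("Location", SSO_LOGIN_URL)])
            return [b""]
        start_response("200 OK", html_type)
        page = (f"<p>Signed in as {html.escape(netid)}</p>"
                "<form method='post' action='/logout'><button>Log out</button></form>")
        return [page.encode()]
    start_response("404 Not Found", [("Content-Type", "text/plain")])
    return [b"Not found"]
```

In a real deployment `start_session` would be called from the handler that validates the response from whichever technology in the table above you integrate with.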