Skip to main content

Implementation Options

Here are some of the ways Identity Security offers that campus partners use to implement NetID authentication in an application or service.

TechnologyPurposeDetails
CASBilateral Federated AuthenticationDocumentation
Cirrus IdentityMulitlateral Federated AuthenticationDocumentation
DuoMulti-Factor AuthenticationDocumentation
Entra IDBilateral Federated AuthenticationDocumentation
ShibbolethBilateral Federated AuthenticationDocumentation

Best Practices

When you write an application that is single-sign-on enabled, it joins a community of hundreds of applications from around the university. Just like any community, it helps if we all follow some basic guidelines to be respectful of our users and other applications.

  1. Do not log users out of the single-sign-on environment. This can be counterintuitive. There are a few reasons for not logging a user out:

    • It inconveniences users. One of the most useful features of single-sign-on is that it allows you to log in once and access multiple resources. You should not assume that a user is done with their session because they have logged out of your application.

    • It implies single-sign-out. Not all services provide single-sign-out, so users are still logged into any other SSO-enabled services that they used during that session. Users should be encouraged to close their browsers completely when they are done using services.

  2. Use landing pages that are not single-sign-on-enabled. Landing pages give your users a clear view of the application they are visiting prior to logging in. This allows them to make an informed decision before logging into your site. It also gives you a place to send users after logging them out of your application that can provide additional guidance.

  3. Tell the user who they are. This is good practice, particularly if you think your application may be used in an environment where multiple people might access the same workstation.