InfoSec

Authentication Management

About 

The Division of IT provides single sign-on methods for user authentication via SAML 2.0 (SP-initiated) and OIDC. One of these protocols is required for vendor-hosted applications. LDAP authentication is available for on-premises applications, but SAML 2.0 (SP-initiated) and OIDC are the preferred methods for all applications. The University of Missouri provides single sign-on authentication via the Shibboleth Identity Provider and Microsoft Entra ID.

InCommon Federated Authentication: 

The University of Missouri is an active participant in the InCommon Federation. InCommon membership allows us to establish trust relationships with other universities, research organizations and vendors, so that University of Missouri faculty, students and staff can use their university credentials with other participating organizations.

Details 

Each method for user authentication provided by the Division of IT has its own advantages. A brief description of each method follows: 

Shibboleth IdP & Microsoft Entra ID: 

Shibboleth Identity Provider (IdP) is a SAML 2.0 standards-based Single Sign-On authentication service for the web.  Microsoft Entra ID provides an identity provider using the SAML 2.0 or OIDC protocol for single sign-on.  

Authentication via these protocols requires both an Identity Provider (IdP) and a Service Provider (SP). The Division of IT is responsible for identity providers for the entire UM System. Service Providers (SPs) are operated by the individual application or resource owner. SPs can be University of Missouri applications or external third-party services.

Advantages: 

  • Allows University of Missouri faculty, students and staff to use their university credentials to access multiple protected resources while reducing the number of times they are prompted to enter their credentials.
  • Handles the enforcement of multi-factor authentication (MFA).
  • Eliminates the security issues of sharing University credentials with a third party because the credentials are never passed to the protected resource.
  • Facilitates authorization decisions by passing supported user attributes to the resource.
  • Allows resources to accept credentials from Identity Providers other than the University of Missouri.

Lightweight Directory Access Protocol (LDAP) 

LDAP via Active Directory is available to internal non-web applications. Some applications and custom code require integration with Active Directory to provide user authentication and to query Active Directory object attributes. This can be accomplished in various ways, depending on the application and/or the programming language used.

Pricing 

There are no fees associated with this service. 

Availability 

The Division of IT works with application or resource owners to set up the integration for authentication. However, departmental requests need to come through an IT Pro.

Getting Started 

Go to doitservices.missouri.edu to request Authentication. Log in to the self-service portal with your university username and password, select Service Catalog, and search for Authentication. 

Help 

Go to doitservices.missouri.edu and click on the Help icon. Log in to the self-service portal with your University user ID and password, and use Search for Answers. For additional assistance, contact our Help Desk at 573-882-5000.