Authentication Management

Authentication Management

The Division of IT provides several methods for user authentication: SecureAuth, Shibboleth [InCommon Federated Authentication] and Lightweight Directory Access Protocol (LDAP). 

  • SecureAuth IdP - Single sign-on as well as 2FA is available with SecureAuth; 2FA adds extra protection and validation for authentication.

  • Shibboleth IdP - Single sign-on is available with Shibboleth and is common in the higher education environment.

  • LDAP

InCommon Federated Authentication:

The University of Missouri is an active participant in the InCommon Federation. InCommon membership allows us to establish trust relationships with other higher-ed universities, research organizations and vendors that let University of Missouri facutly, students and staff use their University credentials with other participating organizations.

Incommon Participant Badge

Each method for user authentication provided by the Division of IT has its own advantages. A brief description of each method follows:

SecureAuth and Shibboleth IdP:

SecureAuth is a product licensed to the University of Missouri that allows for two-factor authentication (2FA). Shibboleth is a standards-based Single Sign-On authentication service for the web. Both services consist of two primary pieces:  an Identity Provider (IdP) and a Service Provider (SP). There is one IdP system-wide for SecureAuth and Shibboleth for the University of Missouri, operated by the Division of IT. SPs are operated by the individual application or resource owner. SPs can be University of Missouri applications or an external third party service. 

Advantages:

  • Allows University of Missouri faculty, students and staff to use their University credentials to access multiple protected resources while reducing the number of times prompted to enter their credentials.
  • Eliminates the security issues of sharing University credentials with a third party because the credentials are never passed to the protected resource.
  • Facilitates authorization decisions by passing supported user attributes to the resource. Allows resources to accept credentials from Identity Providers other than the University of Missouri.

Lightweight Directory Access Protocol (LDAP)

LDAP via Active Directory is available to internal non-web applications. Some applications and custom code require integration with Active Directory to provide user authentication and to query Active Directory object attributes. This can be accomplished in a variety of ways and will be dependent upon the application and/or code language invoked.

 

There are no fees associated with this service.

The Division of IT works with application or resource owners to setup the integration for authentication. However, departmental requests would need to come through an IT Pro

Go to doitservices.missouri.edu to request Authentication. Log in to the self-service portal with your university user ID and password, select Service Catalog, and search for Authentication.

Go to doitservices.missouri.edu and click on the Help icon. Login to the self-service portal with your University user id and password, and Search for Answers accordingly. For additional assistance, contact our Help Desk at 573-882-5000.