Quick Start
Available to: Students, Faculty, Researchers, Staff, Departments, Prospective Students, New/Incoming Students, Guests
Cost: No charge
- See Getting Started, below.
Authentication services sit between client programs and secured services. Our primary authentication method is Shibboleth, but Boston University also supports: ADFS, Kerberos, and AD Authentication (use of Weblogin is now deprecated.) An application leveraging these services can then control client access based on the standard BU login names and webaccounts.
*Applications that utilize Shibboleth and ADFS authentication will be configured with Duo multifactor authentication.
Benefits
The use of Authentication Services Improves the usability and security of applications by allowing the use of BU accounts for access.
Key Features
- Enables use of a single password for multiple applications
- Leverages account management over multiple applications
- Simplifies access to third-party applications and services
What to Expect
This service normally will be available 24 by 7 except for standard change windows, as described in IS&T’s standard policies, procedures, and schedules for making changes.
Requirements
Shibboleth:
- Application must be capable of being a Shibboleth Service Provider (SP); see the Shibboleth Configuration Information for Application Admins page for details.
- Application can be hosted on-premises or off-premises.
- BU is a member of the InCommon federation (see the Participant Operational Practices.)
ADFS:
- Application can be hosted on-premises or off-premises.
- Authorization of applications connected to ADFS can be managed by AD groups.
Kerberos:
- Host system for the application must be a modern, supported version of Linux or Windows.
- Host system must be on the BU campus network.
- Time clock on the host system must be synchronized with a Network Time Server.
AD Authentication:
- Systems must be on preemies and joined to our AD Domain.
- Systems must be windows, Linux or MacOS.
Multifactor Authentication (MFA):
- Host system or service must be able to integrate with the Duo integration API. A full list of compatible services is here.
- Duo MFA is already built into applications configured with Shibboleth and ADFS. Other applications (which meet the appropriate criteria) can be configured to use Duo. Please contact us for more information.
Getting Started
- Shibboleth: See the Service provider checklist
- ADFS
- Kerberos: On the Kerberos support page, click on the “Submit a Service Request” link.
- AD Authentication
- Multifactor Authentication: See the DUO Support page.