{"id":12585,"date":"2009-11-10T15:11:20","date_gmt":"2009-11-10T19:11:20","guid":{"rendered":"http:\/\/www.bu.edu\/tech\/?page_id=12585"},"modified":"2022-04-28T15:44:17","modified_gmt":"2022-04-28T19:44:17","slug":"authentication","status":"publish","type":"page","link":"https:\/\/www.bu.edu\/tech\/services\/security\/iam\/authentication\/","title":{"rendered":"Authentication Services"},"content":{"rendered":"<div class=\" bu-callout alignright\"><\/p>\n<h3><span class=\"tw icon-mapmarker\"><\/span> Quick Start<\/h3>\n<p><strong>Available to:<\/strong> Students, Faculty, Researchers, Staff, Departments, Prospective Students, New\/Incoming Students, Guests<\/p>\n<p><strong>Cost: <\/strong>No charge<\/p>\n<ul>\n<li>See <a href=\"#GettingStarted\">Getting Started<\/a>, below.<\/li>\n<\/ul>\n<p><\/div>\n<p>Authentication services sit between client programs and secured services. Our primary authentication method is Shibboleth, but Boston University also supports: ADFS, Kerberos, and AD Authentication (<em>use of Weblogin is now deprecated.<\/em>) An application leveraging these services can then control client access based on the standard BU login names and webaccounts.<\/p>\n<p><em>*Applications that utilize Shibboleth and ADFS authentication will be configured with Duo multifactor authentication.<\/em><\/p>\n<h2>Benefits<\/h2>\n<p>The use of Authentication Services Improves the usability and security of applications by allowing the use of BU accounts for access.<\/p>\n<h2>Key Features<\/h2>\n<ul>\n<li>Enables use of a single password for multiple applications<\/li>\n<li>Leverages account management over multiple applications<\/li>\n<li>Simplifies access to third-party applications and services<\/li>\n<\/ul>\n<h2>What to Expect<\/h2>\n<p>This service normally will be available 24 by 7 except for standard change windows, as described in <a href=\"\/tech\/about\/service\/change\/\">IS&amp;T\u2019s standard policies, procedures, and schedules for making changes<\/a>.<\/p>\n<h2>Requirements<\/h2>\n<p>Shibboleth:<\/p>\n<ul>\n<li>Application must be capable of being a Shibboleth Service Provider (SP); see the Shibboleth <a href=\"\/tech\/services\/security\/iam\/authentication\/shibboleth\/configuration\/\">Configuration Information for Application Admins<\/a> page for details.<\/li>\n<li>Application can be hosted on-premises or off-premises.<\/li>\n<li>BU is a member of the InCommon federation (see the <a href=\"https:\/\/www.bu.edu\/tech\/services\/security\/iam\/authentication\/incommonpop\/\">Participant Operational Practices<\/a>.)<\/li>\n<\/ul>\n<p><strong>ADFS:<\/strong><\/p>\n<ul>\n<li>Application can be hosted on-premises or off-premises.<\/li>\n<li>Authorization of applications connected to ADFS can be managed by AD groups.<\/li>\n<\/ul>\n<p><strong>Kerberos:<\/strong><\/p>\n<ul>\n<li>Host system for the application must be a modern, supported version of Linux or Windows.<\/li>\n<li>Host system must be on the BU campus network.<\/li>\n<li>Time clock on the host system must be synchronized with a Network Time Server.<\/li>\n<\/ul>\n<p><strong>AD Authentication:<\/strong><\/p>\n<ul>\n<li>Systems must be on preemies and joined to our AD Domain.<\/li>\n<li>Systems must be windows, Linux or MacOS.<\/li>\n<\/ul>\n<p><strong>Multifactor Authentication (MFA)<\/strong>:<\/p>\n<ul>\n<li>Host system or service must be able to integrate with the Duo integration API. A full list of compatible services is <a href=\"https:\/\/duo.com\/docs\">here<\/a>.<\/li>\n<li>Duo MFA is already built into applications configured with Shibboleth and ADFS. Other applications (which meet the appropriate criteria) can be configured to use Duo. Please contact us for more information.<\/li>\n<\/ul>\n<h2><a id=\"GettingStarted\"><\/a>Getting Started<\/h2>\n<ul>\n<li><strong>Shibboleth<\/strong>: See the <a href=\"\/tech\/services\/security\/iam\/authentication\/shibboleth\/service-provider-checklist\/\">Service provider checklist<\/a><\/li>\n<li>ADFS<\/li>\n<li><strong>Kerberos<\/strong>: On the <a href=\"\/tech\/services\/security\/iam\/authentication\/kerberos\/\">Kerberos support page<\/a>, click on the \u201cSubmit a Service Request\u201d link.<\/li>\n<li><a href=\"https:\/\/www.bu.edu\/tech\/services\/security\/iam\/directory\/ad\/\">AD Authentication<\/a><\/li>\n<li><strong>Multifactor Authentication<\/strong>: See the <a href=\"https:\/\/www.bu.edu\/tech\/support\/duo\/\">DUO Support page<\/a>.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Authentication services &#8211; Kerberos, Weblogin, or Shibboleth &#8211; can be integrated with applications to allow use of BU accounts and passwords&#8230;.<\/p>\n","protected":false},"author":1303,"featured_media":0,"parent":70869,"menu_order":1,"comment_status":"closed","ping_status":"closed","template":"service.php","meta":[],"_links":{"self":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/12585"}],"collection":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/users\/1303"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/comments?post=12585"}],"version-history":[{"count":45,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/12585\/revisions"}],"predecessor-version":[{"id":139986,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/12585\/revisions\/139986"}],"up":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/70869"}],"wp:attachment":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/media?parent=12585"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}