CalNet operates a large portfolio of services to meet the identity and access needs of UC Berkeley. These services can be broken down into five primary categories. Click a link to jump directly to that section, below.
For a live view of current CalNet projects, see the CalNet Roadmap.
Identity Data Services (IDDS)
CalNet curates identity data from several University systems of record. Identity Data Services represent a suite of technology solutions that allow campus programmers with complex needs to consume identity data to make access control and resource provisioning decisions.
|
Service
|
Description
|
|---|---|
| Active Directory | AD-Microsoft implementation of LDAP. Managed by Infrastructure Services and populated by CalNet data. |
| Berkeley Person Registry | BPR is the suite of services and applications that gather identity data from systems of record and provision them out to downstream systems. |
| CalGroups | Grouper-based group management solution. |
| Java Messages Service | JMS Message Oriented Middleware(MOM) solution. Currently used as an internal service and for some enterprise systems. |
| Lightweight Directory Access Protocol | LDAP-OpenDJ directory servers. |
| Name Space | Name space is an organizational unit (OU) in LDAP that is used to reserve names so that collisions don't happen. |
| Public Directory | Public directory driven off of LDAP managed by Public Relations. |
Access Services
CalNet maintains Single Sign On (SSO) services that allow campus community members to use the same account to access many different online applications. Access Services are consumed by application owners who need to leverage SSO to manage access to their applications.
|
Service
|
Description
|
|---|---|
| Shibboleth | Federated login application. Service Providers and Identity Providers interact via the InCommon federation. |
| Central Authentication Service | CAS is the single sign on application that supports web logins for campus applications. Also supports Shibboleth. |
| Active Directory Federated Services | ADFS is the Active Directory SAML implementation. It is not currently offered as a service, but is in use by the CalNet Active Directory Team for applications that require integration with Microsoft Azure. |
|
CalNet 2-Step |
Multi factor authentication requires an additional level of security in the form of an out of band text message, application push to a smart phone, voice call or hardware token. |
|
Sponsored Guests |
Integrated with Cirrus Identity, a cloud-based identity management solution utilizing social logins, Sponsored Guests allows some campus applications to accept a Google login in lieu of a CalNet ID. |
Account Services
Account Services provide the tools that individuals need to manage and maintain their digital access credentials and accounts.
|
Service
|
Description
|
|---|---|
| CalNet Account Manager | CAM is the tool used to claim account, set passphrase, set recovery email addresses, change username, and manage 2-Step. |
| Special Purpose Accounts | Special Purpose Accounts (SPAs) are intended for collaboration and sharing. SPAs, their contents/data, and the shared email account are owned by the institution and the primary department of the employee who creates the SPA at the time the SPA is created. They are often used for file sharing and departmental email accounts. |
| Directory Update | Legacy tool for updating public directory attributes directly in LDAP |
User Support Services
User Support Services provides authorized University technology support staff with the tools they need to be able to diagnose and remedy access errors.
|
Service
|
Description
|
|---|---|
| CalNet Admin Tool | CAT is a user interface into the Berkeley Person Registry (BPR) that provides a view into campus identity data. |
Internal Services
CalNet requires flexible, scalable infrastructure components to move and maintain large amounts of identity data. Internal Services are consumed or maintained by CalNet to facilitate the delivery of the service portfolio.
|
Service
|
Description
|
|---|---|
| Virtual Machines | Houses Linux servers |
| Databases | Relational data stores for CalNet applications |