CalNet Services

CalNet ServicesCalNet operates a large portfolio of services to meet the identity and access needs of UC Berkeley. These services can be broken down into five primary categories. Click a link to jump directly to that section, below.  

For a live view of current CalNet projects, see the CalNet Roadmap.

Identity Data Services (IDDS)

CalNet curates identity data from several systems of record throughout the University. Identity Data Services represent a suite of technology solutions that allow campus programmers with complex needs to consume identity data to make access control and resource provisioning decisions. 

Active Directory Microsoft implementation of LDAP.  Managed by Infrastructure Services and populated by CalNet data.
Berkeley Person Registry BPR is the suite of services and applications that gather identity data from systems of record and provision them out to downstream systems.
CalGroups Grouper-based group management solution.
JMS Java Messages Service Pub/Sub solution.  Currently used primarily as an internal service but with plans to expand to offer pub/sub services to campus consumers.

Kerb cpw

(To be deprecated)

Tool for changing CalNet passphrases and creating friendly CalNet IDs.

Kerb Service 

(To be deprecated)

Web service interface into Kerberos.

Kerb Tokens 

(To be deprecated)

Tool for deputies to issue passphrase reset tokens.
LDAP OpenDJ directory servers.
Name Space Name space is an OU in LDAP that is used to reserve names so that collisions don't happen.
Public Directory Public directory driven off of LDAP managed by Public Relations.
UCOP Data CalNet exchanges data with the UC Office of the President IT via FTP files to support UCNetID assignments.

Access Services

CalNet maintains Single Sign On services that allow campus community members to use the same account to access many different online applications. Access Services are consumed by application owners who need to leverage this single sign on infrastructure to manage access to their applications.

Shibboleth Federated login application. Service Providers and Identity Providers interact via the InCommon federation.
Central Authentication Service CAS is the single sign on application that supports web logins for campus applications. Also supports Shibboleth.
Active Directory Federated Services ADFS is the Active Directory SAML implementation. It is currently offered as a service by the Windows Team for applications that require AD authentication but without proxying credentials.

CalNet 2-Step

Multi factor authentication requires an additional level of security in the form of an out of band text message, application push to a smart phone, voice call or hardware token.

External Identities

(Future Service)

In addition to supporting credentialed UC Berkeley CalNet identities, login can be enabled on a per service basis for external identities. Examples of external identity providers are Google, Facebook and LinkedIn.

MIT Kerberos 

(To be deprecated)

MIT Kerberos is the current passphrase store for CalNet accounts.


(To be deprecated)

Access request and workflow tool for CalAnswers.

Account Services

Account Services provide the tools that individuals need to manage and maintain their digital access credentials and accounts.

Calnet Account Manager CAM is the tool account holders use to set passphrase, set recovery addresse, change ID and activate account.
Special Purpose Accounts SPAs are accounts for non-persons (usually departmental accounts that can be accessed via a special CAS convention).
Manage My Keys MMK is a tool where account holders can create an application specific passphrase for AirBears2 or bConnected.
Directory Update 
Legacy tool for updating public directory attributes directly in LDAP

UAS Password Tools 

(To be deprecated)

Legacy tools for setting and resetting passphrases.


(To be deprecated)

Application that allows employees to sponsor guest accounts.

User Support Services

User Support Services provides authorized University technology support staff with the tools they need to be able to diagnose and remedy access errors.

CalNet Admin Tool CAT is a user interface into the Berkeley Person Registry that provides a view into campus identity data.

Person Lookup 

(To be deprecated)

Used by CalNet deputies to view campus identity data.

Deputy Admin Tool

(To be deprecated)

Used to manage CalNet deputies and their constituencies.


Internal Services

CalNet requires flexible, scalable infrastructure components to move and maintain large amounts of identity data.  Internal Services are consumed or maintained by CalNet to facilitate the delivery of the service portfolio.

Virtual Machines Houses Linux servers
Databases Relational data stores for CalNet applications
OpenIDM Identity provisioning application

Active Directory Sync 


Tool that syncs identity data from LDAP to Active Directory