CalNet Services


CalNet ServicesCalNet operates a large portfolio of services to meet the identity and access needs of UC Berkeley. These services can be broken down into five primary categories. Click a link to jump directly to that section, below.  

For a live view of current CalNet projects, see the CalNet Roadmap.



Identity Data Services (IDDS)

CalNet curates identity data from several University systems of record. Identity Data Services represent a suite of technology solutions that allow campus programmers with complex needs to consume identity data to make access control and resource provisioning decisions. 

Service
Description
Active Directory Microsoft implementation of LDAP.  Managed by Infrastructure Services and populated by CalNet data.
Berkeley Person Registry BPR is the suite of services and applications that gather identity data from systems of record and provision them out to downstream systems.
CalGroups Grouper-based group management solution.
JMS Java Messages Service MOM solution.  Currently used as an internal service and for some enterprise systems.
LDAP OpenDJ directory servers.
Name Space Name space is an OU in LDAP that is used to reserve names so that collisions don't happen.
Public Directory Public directory driven off of LDAP managed by Public Relations.

Access Services

CalNet maintains Single Sign On (SSO) services that allow campus community members to use the same account to access many different online applications. Access Services are consumed by application owners who need to leverage SSO to manage access to their applications.

Service
Description
Shibboleth Federated login application. Service Providers and Identity Providers interact via the InCommon federation.
Central Authentication Service CAS is the single sign on application that supports web logins for campus applications. Also supports Shibboleth.
Active Directory Federated Services ADFS is the Active Directory SAML implementation. It is not currently offered as a service, but is in use by the CalNetAD Team for applications that require integration with MS Azure.

CalNet 2-Step

Multi factor authentication requires an additional level of security in the form of an out of band text message, application push to a smart phone, voice call or hardware token.

Sponsored Guests

Integrated with Cirrus Identity, a cloud-based identity management solution utilizing social logins, Sponsored Guests allows some campus applications to accept a Google login in lieu of a CalNet ID.


Account Services

Account Services provide the tools that individuals need to manage and maintain their digital access credentials and accounts.

Service
Description
CalNet Account Manager CAM is the tool used to claim account, set passphrase, set recovery email addresses, change username, and manage 2-Step.
Special Purpose Accounts SPAs are group-linked department-owned CalNet IDs that can be shared with multiple employees without requiring shared credentials. They are often used for file sharing and departmental email accounts.
Manage My Keys MMK is a tool where account holders can create an application specific passphrase for AirBears2 or bConnected.
Directory Update 
Legacy tool for updating public directory attributes directly in LDAP


User Support Services

User Support Services provides authorized University technology support staff with the tools they need to be able to diagnose and remedy access errors.

Service
Description
CalNet Admin Tool CAT is a user interface into the Berkeley Person Registry that provides a view into campus identity data.


Internal Services

CalNet requires flexible, scalable infrastructure components to move and maintain large amounts of identity data.  Internal Services are consumed or maintained by CalNet to facilitate the delivery of the service portfolio.

Service
Description
Virtual Machines Houses Linux servers
Databases Relational data stores for CalNet applications