Single Sign On

Single Sign On (SSO) is used at UC Berkeley to allow employees, students and affiliates to log in to multiple applications and services, using a single ID and passphrase.

To add or change a SSO integration, submit a Service Request via ServiceNow

We offer two types of SSO to campus technologists, CAS and Shibboleth. Click either link below to find out more about that service.

CAS (Central Authentication Service)

Shibboleth


CAS vs Shibboleth

CAS is generally used for campus-developed applications to provide SSO integration with CalNet ID and 2-Step (multifactor) authentication.  There are CAS integrations available for most major application programming languages and frameworks.

Shibboleth supports the widely adopted SAML standard for SSO and federation.  If you want to integrate a third-party application with CalNet SSO then you will most likely use Shibboleth.  For example, bMail, Box, and DocuSign are integrated with CalNet SSO using SAML and Shibboleth.  Shibboleth uses CAS for authentication.

CAS Authorization is often used in conjunction with Shibboleth. If you want to provide access to a remote resource while also restricting access to current employees and students, for example, you can use CAS Authorization to enforce access rules.