Single Sign On (SSO) is used at UC Berkeley to allow employees, students and affiliates to log in to multiple applications and services, using a single ID and passphrase.
We offer two types of SSO to campus technologists, CAS and SAML. Click either link below to find out more about that protocol.
CAS is generally used for campus-developed applications to provide SSO integration with CalNet ID and 2-Step (multifactor) authentication. There are CAS integrations available for most major application programming languages and frameworks.
SAML is the widely adopted standard for SSO and federation. If you want to integrate a third-party application with CalNet SSO then you will most likely use SAML. For example, bMail, Box, and DocuSign are integrated with CalNet SSO using SAML.
If you want to restrict access to your service to specific campus populations, you can use course grained authorization to enforce authorization. Example: you can use standard affiliations such as STUDENT-TYPE-REGISTERED or EMPLOYEE-TYPE-STAFF to allow access to your service; you can also create an ad hoc authorization group.