UB’s identity management systems are highly integrated with all the applications that are provided to the campus along with network access capabilities. The identity management layer is seamlessly integrated from the operating system layer all the way to the desktop layer.
The university has made significant investments for single sign on capabilities through Shibboleth and federated authentication through the InCommon federation. A robust system of provisioning and de-provisioning accounts from the system of record is managed through a common identity management system which provisions all the downstream resources needed to provide access to the various resources that an individual researcher requires to do business at the university. Appropriate layers of authentication are provided via active directory, LDAP, Kerberos, and radius per the application requirements.
UB also uses two factor authentication via RSA software and hardware tokens to administrative systems that hold sensitive privately identifiable information. Password resets are done through a self-service mechanism by answering questions selected by the individual users. UB currently meets the Bronze level of assurance according to the InCommon participation standards.