University at Buffalo (UB)
Identity Management
UB’s identity management systems are highly integrated with all the applications that are provided to the campus along with network access capabilities. The identity management layer is seamlessly integrated from the operating system layer all the way to the desktop layer.
Federated Authentication Done Right
The university has made significant investments for single sign on capabilities through Shibboleth and federated authentication through the InCommon federation. A robust system of provisioning and de-provisioning accounts from the system of record is managed through a common identity management system which provisions all the downstream resources needed to provide access to the various resources that an individual researcher requires to do business at the university. Appropriate layers of authentication are provided via active directory, LDAP, Kerberos, and radius per the application requirements.
Double the Protection
UB uses two-step verification via Duo. Two-step verification is the standard for account security on the Internet. It pairs something you know (your UBITName and password) with something you have (like a smartphone or a security key) to provide secure access to your UB services.