Authentication (SSO) Integration Process

We strongly encourage application owners to schedule a consultation with the identity team before requesting an integration. Ideally, the consultation will occur during vendor selection for a third-party platform or final design review for purpose-built platform.

During this consultation we will review:

• Your application,
• The supported authentication protocols (OIDC and SAML)
• The supported attributes (see the list)
• Your account lifecycle (i.e., adding and removing user accounts).

When you understand your application's authentication integration requirements (i.e., the protocol and attributes), and the other APIs or BDPs needed to support provisioning and deprovisioning, you may request your authentication integration through DSA Manager.

When your authentication integration request is approved, you may fill out the Authentication Integration Technical Information form. (Note, this form requires a link to an approved Authentication Integration DSA.)

The Identity team will provision the credentials and metadata for the integration and communicate this information to the person identified in the request as the technical contact for your application.

As a rule, the Identity team will not provision the production credentials and metadata until you have completed testing and validation in your non-production environment.

When you are satisfied that the integration is working correctly, please schedule the production deployment at a time that fits your business rhythms.

If your new application replaces an application that had an authentication integration, or if you are moving your application from an older authentication service (CAS), please let us know when to remove the old authentication integration by submitting an Authentication Integration Retirement Request.