Identity Management, Single Sign-On Platforms

This brief document gives an overview of the SSO (single sign-on) options available for authentication, and the features of each. These can be used for self-developed apps, or for integration with vendor solutions.

Both Shibboleth and Entra ID (formerly known as Azure AD) support the SAML and OIDC (Open ID Connectt) standards. Both platforms also offer self-service options so IT Pros can do most of the set up and configuration themselves.

There are, however, some differences which may steer you in a particular direction. For example:

If you are working with a vendor and they have instructions specifically for Entra ID or an Entra ID App Gallery template already set up, you will want to go with Entra ID.
If your application needs to be accessed by users from other campuses, you will want to use Shibboleth.

For more information on which attributes get sync to Entra ID, please see this KB: Active Directory, Attributes.

If you're wondering which identity provider to use, the below guide may help:

Your Web App:	Entra ID	Shibboleth
Requires use of SAML or Open ID Connect	✓	✓
Needs to be accessed by users from other Universities (Chicago or Springfield)		✓
Has an Entra ID Application Gallery Template	✓
Supports InCommon Federation		✓
Needs Basic Attribute Release	✓	✓
Needs Advanced Attribute Release		✓

If you have any questions, please reach out to the Identity and Access Management team at techservices-iamu@illinois.edu.

Keywords:

sso single sign on shib shibb shibboleth azure ad entra id azuread saml oidc open id connect oauth

Doc ID:

132408

Owned by:

Identity and Access Management in University of Illinois Technology Services

Created:

2023-10-30

Updated:

2024-04-12

Sites:

University of Illinois System, University of Illinois Technology Services

0 0 Comment Suggest new doc Subscribe to changes