Identity Management, Single Sign-On Platforms

This brief document gives an overview of the SSO (single sign-on) options available for authentication, and the features of each. These can be used for self-developed apps, or for integration with vendor solutions.

Both Shibboleth and Entra ID (formerly known as Azure AD) support the SAML and OIDC (Open ID Connectt) standards. Both platforms also offer self-service options so IT Pros can do most of the set up and configuration themselves.

There are, however, some differences which may steer you in a particular direction. For example:

  • If you are working with a vendor and they have instructions specifically for Entra ID or an Entra ID App Gallery template already set up, you will want to go with Entra ID.
  • If your application needs to be accessed by users from other campuses, you will want to use Shibboleth.

For more information on which attributes get sync to Entra ID, please see this KB: Active Directory, Attributes.

If you're wondering which identity provider to use, the below guide may help:

Your Web App:

Entra ID

Shibboleth

Requires use of SAML or Open ID Connect

Needs to be accessed by users from other Universities (Chicago or Springfield)

Has an Entra ID Application Gallery Template

Supports InCommon Federation

Needs Basic Attribute Release

Needs Advanced Attribute Release

If you have any questions, please reach out to the Identity and Access Management team at techservices-iamu@illinois.edu.



Keywordssso single sign on shib shibb shibboleth azure ad entra id azuread saml oidc open id connect oauth   Doc ID132408
OwnerIdentity and Access ManagementGroupUniversity of Illinois Technology Services
Created2023-10-30 21:07:10Updated2024-04-12 10:52:03
SitesUniversity of Illinois System, University of Illinois Technology Services
Feedback  0   0