Skip to main content

YALE-MSS-9.7: Use University approved authentication methods

Standards Group:
YALE-MSS-9: Authentication and Authorization

YALE-MSS-9.7: Use University approved authentication methods

Low Risk Endpoint Not Required Moderate Risk Endpoint Not Required High Risk Endpoint Not Required Low Risk Server Required Moderate Risk Server Required High Risk Server Required Low Risk Mobile Device Not Required Moderate Risk Mobile Device Not Required High Risk Mobile Device Not Required Low Risk Network Printer Not Required Moderate Risk Network Printer Not Required High Risk Network Printer Not Required

Details

Leveraging Yale's SSO capability means:

  • MFA is enforced
  • A more uniform user experience
  • Any password change covers all the systems where the Yale user has access
  • If a user leaves Yale, their access is removed from all the systems leveraging Yale's SSO

Whenever feasible, use the University's Single Sign-On (SSO) capability. By using Yale's SSO, a given service turns over to Yale the authentication activity. This ensures that multi-factor authentication (MFA) and other important features are enforced when someone logs into the service.

Note: for non-web applications, use Yale’s central Active Directory services. LDAP is not approved.

To set up SSO, please submit a CAS SSO request with the Identity and Access Management team.