Standards Group:
YALE-MSS-9: Authentication and Authorization
YALE-MSS-9.7: Use University approved authentication methods
Low Risk Endpoint
Not Required
Moderate Risk Endpoint
Not Required
High Risk Endpoint
Not Required
Low Risk Server
Required
Moderate Risk Server
Required
High Risk Server
Required
Low Risk Mobile Device
Not Required
Moderate Risk Mobile Device
Not Required
High Risk Mobile Device
Not Required
Low Risk Network Printer
Not Required
Moderate Risk Network Printer
Not Required
High Risk Network Printer
Not Required
Details
Leveraging Yale's SSO capability means:
- MFA is enforced
- A more uniform user experience
- Any password change covers all the systems where the Yale user has access
- If a user leaves Yale, their access is removed from all the systems leveraging Yale's SSO
Whenever feasible, use the University's Single Sign-On (SSO) capability. By using Yale's SSO, a given service turns over to Yale the authentication activity. This ensures that multi-factor authentication (MFA) and other important features are enforced when someone logs into the service.
Note: for non-web applications, use Yale’s central Active Directory services. LDAP is not approved.
To set up SSO, please submit a CAS SSO request with the Identity and Access Management team.