Authentication Integration Worksheet

Campus Labs connects to campus authentication systems in order to identify and credential users. This means that you login using your campus username and password. The centerpiece of each method is a secure transmission of a unique identifier for a user upon a successful granting of credentials. Some of the supported protocols also allow for the passing of additional attributes from a directory or other campus system.

Campus Labs only supports ONE authentication method at a time per institution. These options include:

  • Shibboleth / SAML (Campus Labs is an InCommon Provider)
  • Central Authentication Service (CAS)

Steps to implementing authentication:

  1. Select an authentication method
  2. Complete the authentication worksheet and send it to authentication@campuslabs.com.
  3. We will work with you to get a site configured, depending on your answers to the questions.
  4. Testing and troubleshooting.
  5. Create users and allow them access to the site using their campus credentials.

 

 

Choosing an External Identifier for Authentication

 

Choosing a Person Identifier

The goal of the Campus Labs® platform is to create one system that brings data together for new insight. In order to accomplish this task, the platform requires a single point of identification for a user that is consistent across all components of the platform and that is able to be associated back to a single person at the institution for cross-tabulation and identification purposes.

Campus Labs uses this identification to:

  • Allow access to platform features
  • Associate collected data to a single reference point
  • Display a custom user experience to each user
  • Share information about a user across the platform for various reporting and visualization functions

Common Campus ID Conventions

Because institutions may have many forms of identification that are assigned to a person, it is important to understand the nature of each of the possible IDs. Campuses use different terms to describe their ID conventions. Here are some common examples:

Social Security Number:

Although still used by some campuses, the SSN is no longer the standard identification number. Campus Labs will never require or knowingly ask for a SSN from or about a user, and it cannot be considered a candidate as a unique ID.

EmplID:

Employee ID, typically an alphanumeric string (mostly numeric) that is assigned at the time of employment for HR/payroll purposes.

StudentID:

Typically an alphanumeric string (mostly numeric) that is assigned to a student when they apply or are accepted to the institution.

Examples: Banner Number, B-number, {first letter of campus name}- number, SIS ID

*** Sometimes, EmplID and StudentID will be the same for a student who is also a staff member, sometimes not. ***

Username:

Typically, an alphanumeric string (mostly alpha) that is assigned to a student/employee when they activate their campus computing account. This ID is typically a variant of their first and last name for easy memorization. Often, these are reused over time as people with similar names enter and leave the institution. For instance: John Smith graduated in 1999 and had the username: jsmith, and now, in 2015, a student named Joanna Smith is attending the same college and has been given the same username: jsmith. In many cases, institutions will allow a student or employee to change their username if their own name changes. For instance: Joanna Smith married and changed her last name to Jones. Her username could change from jsmith to jjones.

Examples: Network ID, NetID, Login name, memorable campus creations like: ONYEN, UBITName, GopherID

CardID:

An alphanumeric string (mostly numeric) that is assigned to the identification card that a student/employee carries on them. This may include another ID within the full string, but usually also contains an issuance number that relates back to the number of times a new card has been issued to the person.

Campus Email:

Typically based on the username of an individual, the email address of a student/employee is sometimes (although rare) used for machine-based identification purposes, however many people use it as an identification reference for commonly contacted colleagues/peers. Campus email addresses are rarely reused, and a campus email will be associated with an individual student forever.

Example

Here is a set of IDs that could be assigned to Sara Staff at Hometown University:

EmplID: 000435621

StudentID: H00589043

NetID: sstaff

CardID: 000435621-1

Primary Email: sstaff@hometown.edu

Alias Email: sara.staff@hometown.edu

Designation of a Specific Identification Terminology

Because there is not a consensus on a common unique identification system or lexicon across institutions, Campus Labs imposes a specific terminology for the single and unique identification information that is used to identify a user within our infrastructure; called External Identifier. The platform relies upon the institution to provide an External Identifier for each user of the platform so that data can be kept orderly and is referable for reporting. Sometimes the External Identifier may be referred to as an External ID by Campus Labs staff.

The platform stores the External identifier the first time a User Account is created. Authentication is the primary method of External Identifier acquisition and relies upon the institution to pass a completely unique, non-repeated External identifier to the platform during a positive authorization transaction; therefore creating one, and only one, account for each member of the campus community.

External Identifier Selection Advice

The platform does not synchronize directly with the identity management system at an institution, which means that it cannot alter, dispose of, or re-assign an External Identifier to another community member in an automated manner. This condition REQUIRES that the External Identifier provided by the campus must be fully and indefinitely unique to avoid duplication of account creation or exposing incorrect data associations.

The following questions should be considered by anyone who is attempting to determine which campus ID convention should be used as the External Identifier.

1. Do IDs in this convention ever get re-issued or recycled to new people/users?

2. Can IDs in this convention, once issued to a person, ever change?

For the best possible reporting experience, it can be advantageous to select an External Identifier that is easy to compare to other data sources on campus. In order to consider the following question, the response to the questions above must both be “No” for multiple campus ID conventions:

3. Which campus ID convention is used most in the Student Information System (SIS) and/or Learning Management System (LMS) reports on campus?

The convention that is both indefinitely unique (required) and is easily comparable to other campus systems (optional) is the preferred convention to accept as the External Identifier.

 
Have more questions? Submit a request

Comments